ibus uses a GDBusServer with G_DBUS_SERVER_FLAGS_AUTHENTICATION_ALLOW_ANONYMOUS, and doesn't set a GDBusAuthObserver, which allows anyone who can connect to its AF_UNIX socket to authenticate and be authorized to send method calls. It also seems to use an abstract AF_UNIX socket, which does not have filesystem permissions, so the practical effect might be that a local attacker can connect to another user's ibus service and make arbitrary method calls.
An attacker who can access the AF_UNIX socket of another user could use it to monitor all the DBus methods called on the bus or call most available methods without any authorization check. This flaw could be used to intercept all the keystrokes of a user connected to the graphical interface (e.g. gnome), change the input context and perform other operations regularly done by the ibus command.
Name: Simon McVittie (Collabora Ltd.)
ibus receives the pressed key events only if an ibus Input Method (IM) framework is in use (e.g. Korean from the ibus-hangul package, Chinese input methods from the ibus-libpinyin package, etc.); otherwise Gnome uses other input frameworks (e.g. gtk-im-context-simple). Thus, the ability of an attacker to intercept the pressed keys depends on the Input Method configuration in use by the victim user.
Gnome uses the ibus input framework only when the user explicitly configures it or when some input method sources are in use, like Korean from the ibus-hangul package or Chinese input methods from the ibus-libpinyin package. Input methods like en-US are not handled by ibus, thus if the victim user only uses them, the attacker will not be able to intercept the keystrokes of that user.
Created ibus tracking bugs for this issue:
Affects: fedora-all [bug 1751940]