
D-Bus Security

dfuzzer

GitHub: dbus-fuzzer/dfuzzer

The authors of “Dfuzzer: A D-Bus Service Fuzzing Tool” (DOI: 10.1109/ICSTW.2014.51) describe finding many security holes in projects that use D-Bus, because these projects poorly sanitized input data received over D-Bus. Some FOSS projects argued that these were bugs and not security issues, as their projects expect safe input data from D-Bus. GNOME Shell believes that there are no vulnerabilities “because D-Bus interface is intended to be used only by certain GNOME components which behave nicely”.

This is still relevant today (LP#2015537), especially when D-Bus is not confined by an LSM.

other

Kevin Backhouse has great write-ups on D-Bus vulnerabilities.