systemd-mcp

by openSUSE

Overview

Manages systemd services, units, and logs via the Model Context Protocol (MCP) by directly connecting to systemd's C API.

Installation

Run Command
go run systemd-mcp.go

Environment Variables

  • SYSTEMD_MCP_HTTP
  • SYSTEMD_MCP_LOGFILE
  • SYSTEMD_MCP_CONTROLLER
  • SYSTEMD_MCP_VERBOSE
  • SYSTEMD_MCP_DEBUG
  • SYSTEMD_MCP_LOG_JSON
  • SYSTEMD_MCP_LIST_TOOLS
  • SYSTEMD_MCP_ALLOW_WRITE
  • SYSTEMD_MCP_ALLOW_READ
  • SYSTEMD_MCP_ENABLED_TOOLS
  • SYSTEMD_MCP_TIMEOUT
  • SYSTEMD_MCP_NOAUTH

Security Notes

The server implements robust authorization mechanisms (Polkit/D-Bus and OAuth2) for managing systemd units and reading logs. However, two critical tools, 'get_file' and 'get_man_page', perform no authorization checks in their MCP handlers or in the underlying functions. If these tools are enabled, any client, whether authenticated (via Polkit or OAuth2) or unauthenticated (when '--noauth' is used), can read arbitrary files and retrieve any man page on the system, limited only by the permissions of the user running the 'systemd-mcp' server. If the server runs with elevated privileges (e.g., as root for HTTP mode, as the README recommends), this is a severe arbitrary file read vulnerability.

The server executes 'man', 'rpm', and 'getfacl', but passes their arguments via exec.Command, which reduces the risk of direct shell injection; vulnerabilities in these external tools themselves could still be a concern. No obvious hardcoded secrets or obfuscation were found.

Stats

Interest Score: 36
Security Score: 3
Cost Class: Medium
Avg Tokens: 1500
Stars: 7
Forks: 6
Last Update: 2026-01-16

Tags

systemd, MCP, D-Bus, Polkit, OAuth2