In systemd 240, busopensystemwatchbindwithdescription in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sdbusset_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings.