Version: (using KDE KDE 3.4.0)
Installed from: Debian testing/unstable Packages
OS: Linux

The following was posted to Debian as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298533 by Javier Fernández-Sanguino Peña <jfs@computer.org>. It would be nice if KDE included this fix (attached), which applies to the latest code:

---
Reviewing the Gentoo advisory GLSA 200503-14 [0], which refers to CAN-2005-0365, I've checked to see if our dcopidlng script was vulnerable to the symlink attack found by Davide Madrisan, even though it does not use /tmp.

It seems ours is not, because the temporary file is created directly in the local directory (instead of in /tmp); however, the creation does provide a way for a race condition.

I think the attached patch is a better fix for this issue than the one provided by Gentoo [1]. There are several bugs in Gentoo's fix:

1- The file is removed twice (once in the trap and once at the end of the fix)
2- Leaving temporary files in the home directory might not be good. mktemp -t is better since users can set their TMPDIR environment variable to point to "/home/user/tmp" if they want to, but users without a home directory (think chroot) will work in any case (falls back to /tmp)
3- The temporary file is still being created in an unsafe way (but in a safe directory); mktemp does this better

So, please use the attached patch (and maybe forward it upstream) for a next release.

[0] http://www.gentoo.org/security/en/glsa/glsa-200503-14.xml
[1] http://bugs.gentoo.org/attachment.cgi?id=51120&action=view
---
Created attachment 10092
the patch in question
Sorry, the patch is nonsense. For one, mktemp is not portable, and for second, this way of generating temporary files is used throughout the build process.
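
An added example, not taken from the attached patch, the Gentoo fix or the KDE build scripts: one way to cover the points in the report (honour TMPDIR, create the file safely, clean up in one place) while still working where mktemp is missing, as the reply objects. The function names and the NO_MKTEMP switch are hypothetical.

```shell
#!/bin/sh
# Added example; function names and NO_MKTEMP are hypothetical.

# Print the path of a new directory only the caller can access.
make_private_dir() {
    base=${TMPDIR:-/tmp}            # honours TMPDIR, falls back to /tmp
    # An explicit template is used because -t differs between GNU and BSD mktemp.
    if [ -z "${NO_MKTEMP:-}" ] && command -v mktemp >/dev/null 2>&1; then
        mktemp -d "$base/dcopidlng.XXXXXX"
        return
    fi
    # Fallback without mktemp: mkdir is atomic and fails if the name already
    # exists, symlinks included, so a pre-planted path is skipped, not followed.
    n=0
    while [ "$n" -lt 100 ]; do
        dir="$base/dcopidlng.$$.$n"
        if (umask 077 && mkdir "$dir") 2>/dev/null; then
            printf '%s\n' "$dir"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Runs in a subshell so the traps stay local to this one job.
generate_with_tmp() (
    dir=$(make_private_dir) || exit 1
    trap 'rm -rf "$dir"' EXIT       # the single place where cleanup happens
    trap 'exit 1' HUP INT TERM      # signals funnel into the EXIT trap
    printf 'generated output\n' > "$dir/out"   # stand-in for the real generator
    cat "$dir/out" || exit 1
)
```

Inside a directory that only the owner can write to, a plain `>` redirect is no longer exposed to the symlink race, because nobody else can create the target name first.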