COMMAND

    KDE

SYSTEMS AFFECTED

    Systems running KDE

PROBLEM

    KDE is a sort of neat desktop built on the Qt widget class (see
    http://www.kde.org). A word of warning to anyone running it,
    however: the file manager talks to the other modules over a
    basically unsecured TCP socket. You can ask it to copy files and
    all sorts of lovely stuff. Fortunately it hasn't got any obvious
    major features (the file copy, for example, is to their local
    disk). However, if you can get a file onto their box (e.g. into
    their anonymous ftp area) you can ask kfm to copy it to
    ~user/.rhosts. Credit for this goes to Alan Cox.

SOLUTION

    The fix appears to be to make the KDE software communicate over
    an AF_UNIX socket and set file permissions appropriately on the
    socket name. This requires that you rebuild a fair chunk of the
    KDE software, but the end result seems to work as well as before.