Matthias Gerstner changed bug 1090647
What    |Removed |Added
CC      |        |matthias.gerstner@suse.com

Comment # 4 on bug 1090647 from
I had a look today on Leap15 using the security-scanner. I have put together a
list of interesting files in
https://pes.suse.de/Maintenance-Security/Products/leap15/.

The following findings resulted from this:

- /etc/machine-id is world-writeable which is probably not what was intended.
  The reason is found in the systemd spec file:

  if [ $1 -eq 1 ]; then
          touch     %{_sysconfdir}/machine-id
          chmod 666 %{_sysconfdir}/machine-id
  fi

- Each process started from within the KDE login inherits a couple of open
  UNIX domain socket file descriptors. Just open up a konsole and check ls -l
  /proc/self/fd. These descriptors are open for read/write. They seem to be
  connected to plasmashell process also running as the logged in user. So it
  hopefully doesn't pose a security issue. Anyways, inheriting those file
  descriptors to arbitrary user processes does not look like a good idea. But
  probably it is some great KDE concept in action that we're seeing here?
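
Added example, not part of the comment above and not SUSE or KDE code: a descriptor is passed on to child programs only when it lacks the close-on-exec flag, so this sketch lists the socket descriptors of a process whose fdinfo flags do not include O_CLOEXEC. The function names, the constructed sample tree and the O_CLOEXEC value 02000000 (x86 and arm64 Linux) are assumptions of the example.

```shell
#!/bin/sh
# Usage: inheritable_sockets /proc/<pid>
# Prints "<fd> <socket:[inode]> flags=<octal>" for every socket descriptor
# that is not close-on-exec and is therefore inherited across exec.
inheritable_sockets() {
    procdir=$1
    for link in "$procdir"/fd/*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link") || continue
        case $target in
            socket:*) ;;
            *) continue ;;
        esac
        fd=${link##*/}
        # fdinfo reports the open flags in octal on its "flags:" line.
        flags=$(awk '$1 == "flags:" { print $2 }' "$procdir/fdinfo/$fd" 2>/dev/null) || continue
        # Accept octal digits only before handing the value to shell arithmetic.
        case $flags in
            ''|*[!0-7]*) continue ;;
        esac
        # Assumption: O_CLOEXEC is 02000000 (x86 and arm64 Linux).
        if [ $(( flags & 02000000 )) -eq 0 ]; then
            printf '%s %s flags=%s\n' "$fd" "$target" "$flags"
        fi
    done
}

# Constructed sample laid out like /proc/<pid>, so the check runs offline:
# fd 0 is a terminal, fd 3 a close-on-exec socket, fd 4 an inheritable
# socket, fd 5 a regular file.
make_sample_proc() {
    d=$(mktemp -d) || return 1
    mkdir "$d/fd" "$d/fdinfo"
    ln -s /dev/pts/0       "$d/fd/0"; printf 'pos:\t0\nflags:\t02\n'       > "$d/fdinfo/0"
    ln -s 'socket:[11111]' "$d/fd/3"; printf 'pos:\t0\nflags:\t02000002\n' > "$d/fdinfo/3"
    ln -s 'socket:[22222]' "$d/fd/4"; printf 'pos:\t0\nflags:\t02\n'       > "$d/fdinfo/4"
    ln -s /tmp/sample.log  "$d/fd/5"; printf 'pos:\t0\nflags:\t0100001\n'  > "$d/fdinfo/5"
    printf '%s\n' "$d"
}

sample=$(make_sample_proc)
inheritable_sockets "$sample"
rm -rf "$sample"
```

On a live system the argument would be /proc/self or the /proc directory of a process started from the session.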