(In reply to Matthias Gerstner from comment #4) > The following findings resulted from this: > > - /etc/machine-id is world-writeable which is probably not what was intended. > The reason is found in the systemd spec file: > > if [ $1 -eq 1 ]; then > touch %{_sysconfdir}/machine-id > chmod 666 %{_sysconfdir}/machine-id > fi > > - Each process started from within the KDE login inherits a couple of open > UNIX domain socket file descriptors. Just open up a konsole and check ls -l > /proc/self/fd. These descriptors are open for read/write. They seem to be > connected to plasmashell process also running as the logged in user. So it > hopefully doesn���t pose a security issue. Anyways, inheriting those file > descriptors to arbitrary user processes does not look like a good idea. But > probably it is some great KDE concept in action that we���re seeing here? Please file bugs. Especially the systemd one needs to be fixed ASAP