The dcopidlng script in KDE 3.3.2 creates temporary files with predictable
filenames, which allows local users to overwrite arbitrary files via a symlink
The kde BTS has more information:
it's now fixed in kdelibs-3.3.1-3.4, which is built in 4E-errata-candidate.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.