From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)


When you start up kde 1 in redhat 7, the autostart folder contains an 
autorun script to run autorun, but only if there is not already one 
running. However, kde appears to be failing to kill this process upon 
exiting kde. This causes an autorun process to be left over. Because this 
process is left over, when a second user logs in, their "personal" autorun 
will not start. However, if they put in a cdrom, it will still autorun, or 
attempt to, but with the first users permissions. Because most autorun 
scripts invoke an x command, and the x server is not allowing any 
unauthorized connections, this only shows up as "nothing" (no application 
pops up, but the cd is still mounted). However, if one executes an "xhost 
+ localhost" before inserting a cd, any applications (x or otherwise) will 
run from the autorun script, _with the permissions of the first user_ not 
the second user. I tested this with a cd that had a /autorun that just ran 
an xterm

Reproducible: Always
Steps to Reproduce:
1.Check to make sure there are no autorun processes running and enter in 
as a user into kde. Then exit from kde. A ctrl-alt-f1 will confirm an 
autorun is still running
2.login as any other user into kde. do an xhost + localhost. I only did 
this so I could see an xterm.
3. insert the cd...up comes your /autorun, with permissions of the first 
user. You would have to disable exe off the cd to prevent, which pretty 
much destroys the point of autorun
	

Actual Results:  since my /autorun on the cd just ram /usr/X11/bin/xterm, 
I got a root permission'd xterm (the autorun was running as root)

Expected Results:  the autorun should have died when I exited kde the 
first time

this was on redhat 7, running all the latest updates as of feb 8