Similar problems arise when you want to use Unix domain sockets or named pipes in /tmp or other hostile directories.4.4
The KDE desktop comes with an application called kdesu which is a GUI frontend to the su program. In an act of unparalleled user-friendliness it will try to cache the password for you. Rather than storing it in a file, the password is handed to a separate daemon process that kdesu talks to via a Unix domain socket named /tmp/.kdesu_userid. The problem with this was that kdesu didn't care who or what had created the socket, and was willing to talk to anyone as long as the socket was there. This made it very easy for an attacker to write a rogue password caching daemon that, as a side effect, would ``cache'' the passwords in a file owned by the attacker.