In the attack scenario, this causes the grep command to fail due to $XUSER not having permission to read /proc/$(pidof kded4)/environ. However, we may want to clean this up a little more because qdbus is still executed. sbeattie also pointed out that $(pidof kded4) returning multiple pids could be problematic.
sbeattie suggested that su command could be changed to the following:
su - $XUSER -c 'eval $(echo -n "export "; grep -z DBUS_SESSION_ BUS_ADDRESS /proc/$(pidof kded4)/environ); qdbus org.kde.kded'
In the attack scenario, this causes the grep command to fail due to $XUSER not having permission to read /proc/$(pidof kded4)/environ. However, we may want to clean this up a little more because qdbus is still executed. sbeattie also pointed out that $(pidof kded4) returning multiple pids could be problematic.