The current consumers of this module in ports don't specify the pid_file parameter. Still, a future port could. This is CVE-2013-7135 btw.
ok? http://bugs.debian.org/732283 https://rt.cpan.org/Ticket/Display.html?id=91450 http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch Index: Makefile =================================================================== RCS file: /cvs/ports/devel/p5-Proc-Daemon/Makefile,v retrieving revision 1.8 diff -u -p -r1.8 Makefile --- Makefile 11 Mar 2013 10:50:21 -0000 1.8 +++ Makefile 18 Dec 2013 13:58:18 -0000 @@ -4,6 +4,7 @@ COMMENT= run perl program as a daemon p MODULES= cpan DISTNAME= Proc-Daemon-0.14 +REVISION= 0 CATEGORIES= devel # perl Index: patches/patch-lib_Proc_Daemon_pm =================================================================== RCS file: patches/patch-lib_Proc_Daemon_pm diff -N patches/patch-lib_Proc_Daemon_pm --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-lib_Proc_Daemon_pm 18 Dec 2013 14:01:12 -0000 @@ -0,0 +1,36 @@ +$OpenBSD$ + +Fix for CVE-2013-7135. +Upstream ticket: https://rt.cpan.org/Ticket/Display.html?id=91450 + +--- lib/Proc/Daemon.pm.orig Fri Jun 3 09:46:44 2011 ++++ lib/Proc/Daemon.pm Wed Dec 18 14:58:09 2013 +@@ -281,10 +281,13 @@ sub Init { + } + # ... the real 'pid_file'. + if ( $self->{pid_file} ) { ++ # Deny r/w access to others ++ my $umask = umask(0022); + open( my $FH_PIDFILE, "+>", $self->{pid_file} ) || + die "Can not open pidfile (pid_file => '$self->{pid_file}'): $!"; + print $FH_PIDFILE $pid; + close $FH_PIDFILE; ++ umask($umask); + } + + +@@ -514,12 +517,14 @@ sub Kill_Daemon { + my $killed = kill( $signal, $pid ); + + if ( $killed && $pidfile ) { ++ my $umask = umask(0022); + # Set PID in pid file to '0'. + if ( open( my $FH_PIDFILE, "+>", $pidfile ) ) { + print $FH_PIDFILE '0'; + close $FH_PIDFILE; + } + else { warn "Can not open pidfile (pid_file => '$pidfile'): $!" } ++ umask($umask); + } + + return $killed; -- jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494