From ${URL} : Proc::Daemon, when instructed to write a pid file, does that with a umask set to 0, so the pid file ends up with mode 666. This is a rather stupid idea and may well be a security issue. Upstream bug report: https://rt.cpan.org/Public/Bug/Display.html?id=91450 Debian patch: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libproc-daemon-perl.git;a=blob;f=debian/patches/pid.patch
world readable isn't a security issue. world writable is.
*** This bug has been marked as a duplicate of bug 494508 ***