author | Guillem Jover <guillem@debian.org> | 2019-02-15 05:09:11 +0100 |
---|---|---|
committer | Guillem Jover <guillem@debian.org> | 2019-02-23 15:23:54 +0100 |
commit | 754511aaef556ebad03560e689eeb2044a7ee1fd (patch) | |
tree | 538a2e89e14b6d75e358fe44c6efb35507619a43 /man | |
parent | 90f657a644d87f96d0161ddf0d039a61d77c6d93 (diff) | |
download | dpkg-754511aaef556ebad03560e689eeb2044a7ee1fd.tar.gz |
s-s-d(1): Document behavior of --pidfile security checks
Describe what to expect from these new checks.
Closes: #921557
Diffstat (limited to 'man')
-rw-r--r-- | man/start-stop-daemon.man | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/man/start-stop-daemon.man b/man/start-stop-daemon.man index 4723596d3..b6513cedd 100644 --- a/man/start-stop-daemon.man +++ b/man/start-stop-daemon.man @@ -122,11 +122,14 @@ Note: using this matching option alone might cause unintended processes to be acted on, if the old process terminated without being able to remove the \fIpid-file\fP. .IP -\fBWarning:\fP Using this match option alone with a daemon that writes the -pidfile as an unprivileged user is a security risk, because if the daemon -gets compromised the contents of the pidfile cannot be trusted, and then +\fBWarning:\fP using this match option with a world-writable pidfile or using +it alone with a daemon that writes the pidfile as an unprivileged (non-root) +user will be refused with an error (since version 1.19.3) as this is a +security risk, because either any user can write to it, or if the daemon +gets compromised, the contents of the pidfile cannot be trusted, and then a privileged runner (such as an init script executed as root) would end up acting on any system process. +Using \fI/dev/null\fP is excempt from these checks. .TP .BR \-x ", " \-\-exec " \fIexecutable\fP" Check for processes that are instances of this \fIexecutable\fP. The |
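Review bot: "excempt" in the last added line is a misspelling; it should read "Using \fI/dev/null\fP is exempt from these checks." The rewritten warning also packs two refusal conditions into one sentence (a world-writable pidfile, and the option used alone with a pidfile written by a non-root user), with the two rationales joined by "because either ... or if ...". Consider one sentence stating what is refused since version 1.19.3 and a second giving the reason for each case, so a reader can tell which rationale belongs to which condition. The /dev/null exemption is stated without a reason; a short clause saying why it is safe to skip the checks there would help anyone deciding whether to rely on it.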