Gvmd creates a pidfile not owned by root

[MocioF]

Expected behavior

gvmd should implement a --drop-privileges feature, so to be started as root, create a pidfile as root, and then drop privileges to the regular user with administrative rights on the gvm database

Actual behavior

gvmd doesn't support --drop-privileges
When started as a regular user, gvmd creates a pidfile in a directory where this user has write permissions (or it fails on startup if the regular user cannot write on that directory) and the file is owned by the same user.
This could bring to security concerns because an attacker could write a different value in the gvmd pidfile and an init system as OpenRC could stop an arbitrary process while trying to stop gvmd.

GVM versions

gsa: 22.06.0~git

gvm: 22.9.0

openvas-scanner: 22.7.5

gvm-libs: 22.7.1

Environment

Operating system:
Linux 6.1.53-gentoo-r1

Installation method / source: source installation

The problem has been reported on Greenbone forum too: https://forum.greenbone.net/t/gvmd-creates-a-pidfile-not-owned-by-root/15861
More information about why creating a pidfile not owned by root could be a security issue: https://github.com/OpenRC/openrc/blob/master/service-script-guide.md#pid-files-should-be-writable-only-by-root