On Wed, 11 Nov 2015 20:31:03 +0100, Adam Wolk wrote:
> cron started to be recently reported in my insecurity output after
> upgrading to snapshot from Nov 6:
>
> Checking special files and directories.
> Output format is:
> filename:
> criteria (shouldbe, reallyis)
> var/cron/atjobs:
> permissions (01770, 0770)
> var/cron/tabs:
> permissions (01730, 0730)
> mtree special: exit code 2
This is a side effect of pledge(2) restrictions in cron coupled
with a minor bug in the code that caused it to change the mode when
it doesn't actually need to.
I committed a fix for the bug earlier today so the next snapshot
containing that fix will not strip the sticky bit from those
directories. However, you'll need to fix up the directory permissions
manuall. E.g.
# chmod chmod a+t /var/cron/atjobs /var/cron/tabs
- todd
