Package: logrotate
Version: 3.18.0-2+deb11u1
Severity: important
X-Debbugs-Cc: t...@mirbsd.de, t...@security.debian.org
I got a new version of logrotate on multiple systems due to the
security/point release, and since then I get, every night, from
all of them, this:
│Subject: Anacron job 'cron.daily' on $hostname
│
│/etc/cron.daily/logrotate:
│error: state file /var/lib/logrotate/status is world-readable and thus can be
locked from other unprivileged
│users. Skipping lock acquisition...
This is new and very annoying.
And wrong:
$ lo /var/lib/logrotate/
total 12
drwxr-xr-x 2 root root 4096 10. Jul 07:55 ./
drwxr-xr-x 80 root root 4096 10. Jun 00:01 ../
-rw-r- 1 root root 2952 10. Jul 07:55 status
(At least it is wrong now; no idea if it is also wrong during
that cronjob’s run.)
It should be noted I have both cron and anacron installed, in
case that matters.
-- Package-specific info:
Contents of /etc/logrotate.d
total 28
-rw-r--r-- 1 root root 120 Jan 30 2021 alternatives
-rw-r--r-- 1 root root 173 Jun 10 2021 apt
-rw-r--r-- 1 root root 130 Oct 14 2019 btmp
-rw-r--r-- 1 root root 112 Jan 30 2021 dpkg
-rw-r--r-- 1 root root 1487 Jan 19 2021 inetutils-syslogd
-rw-r--r-- 1 root root 298 Apr 21 2021 stunnel4
-rw-r--r-- 1 root root 145 Oct 14 2019 wtmp
-- System Information:
Debian Release: 11.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-14-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8),
LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)
Versions of packages logrotate depends on:
ii anacron 2.3-30
ii cron [cron-daemon] 3.0pl1-137
ii libacl1 2.2.53-10
ii libc6 2.31-13+deb11u3
ii libpopt01.18-2
ii libselinux1 3.1-3
Versions of packages logrotate recommends:
ii bsd-mailx [mailx] 8.1.2-0.20180807cvs-2
logrotate suggests no packages.
-- no debconf information