The following appears /var/log/messages, what that means ?
Feb 19 22:51:20 kernel: [ 187.819487] non-matching-uid symlink following attempted in sticky world-writable directory by sh (fsuid 1001 != 0)
It happens when a cron job was about to run.
A privileged process can be tricked into overwriting an important file (/etc/passwd, /etc/shadow, etc.) by pointing a symlink at it. For example, if you know that root will run a program that creates a file in /tmp, you can lay a trap by guessing what the file name will be (typically /tmp/fooXXX, with foo being the program name and XXX being the process ID) and fill /tmp with likely candidates pointing at /etc/shadow. Later, root opens the file in /tmp, truncates and overwrites /etc/shadow and suddenly no one can log into the system anymore. There is a related attack that exploits a race condition between checking for the existence of a temp file and the creation of the file.
There are ways to avoid this problem, including careful use of mktemp() and mkstemp(), but not all programmers and users will be aware of this risk. As a result, a Linux kernel patch was proposed recently and apparently it has been applied to the kernel that you're using. The patch prevents following symlinks in one of the common situations where the malicious link might have been planted: a world-writable directory with the sticky bit set, which is the way /tmp is normally configured on Unix systems. Instead of following the symlink, the attempted system call fails with EACCES and the kernel logs the message that you saw.
