Bug#169928: incorrect 'chmod 000' at package removal
There's a very nice chmodsafe_unlink() function in main/help.c. It
correctly uses lstat() at line 442.
In main/remove.c, line 268 nearly the same code is duplicated, instead of
calling chmodsafe_unlink(). Furthermore, this code contains stat() instead
of lstat(). So if you have a package which contains a symlink to
/dev/null (at this moment I've created such a package from a commercial
application), then when you remove this package, you'll have your
/dev/null chmod'ed to 000. This is really bad.
That stat() call really should be an lstat(), or chmodsafe_unlink() should
be used instead.