Bug#169928: incorrect 'chmod 000' at package removal

To: submit@bugs.debian.org
Subject: Bug#169928: incorrect 'chmod 000' at package removal
From: Koblinger Egmont <egmont@uhulinux.hu>
Date: Wed, 20 Nov 2002 21:42:52 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.44.0211202134580.19856-100000@sziami.cs.bme.hu>
Reply-to: Koblinger Egmont <egmont@uhulinux.hu>, 169928@bugs.debian.org

Package: dpkg
Version: 1.10.9

There's a very nice chmodsafe_unlink() function in main/help.c. It
correctly uses lstat() at line 442.

In main/remove.c, line 268 nearly the same code is duplicated, instead of
calling chmodsafe_unlink(). Furthermore, this code contains stat() instead
of lstat().  So if you have a package which contains a symlink to
/dev/null (at this moment I've created such a package from a commercial
application), then when you remove this package, you'll have your
/dev/null chmod'ed to 000.  This is really bad.

That stat() call really should be an lstat(), or chmodsafe_unlink() should
be used instead.



bye,
Egmont

Reply to:

Prev by Date: Bug#169619: dpkg: documents unavailable --command-fd option
Next by Date: Bug#160424: marked as done (dpkg lock file should be in /var/lock)
Previous by thread: Bug#169619: dpkg: documents unavailable --command-fd option
Next by thread: Bug#160424: marked as done (dpkg lock file should be in /var/lock)
Index(es):
- Date
- Thread