[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#169928: incorrect 'chmod 000' at package removal

Package: dpkg
Version: 1.10.9

There's a very nice chmodsafe_unlink() function in main/help.c. It
correctly uses lstat() at line 442.

In main/remove.c, line 268 nearly the same code is duplicated, instead of
calling chmodsafe_unlink(). Furthermore, this code contains stat() instead
of lstat().  So if you have a package which contains a symlink to
/dev/null (at this moment I've created such a package from a commercial
application), then when you remove this package, you'll have your
/dev/null chmod'ed to 000.  This is really bad.

That stat() call really should be an lstat(), or chmodsafe_unlink() should
be used instead.


Reply to: