Package: dpkg Version: 1.10.9 There's a very nice chmodsafe_unlink() function in main/help.c. It correctly uses lstat() at line 442.
In main/remove.c, line 268 nearly the same code is duplicated, instead of calling chmodsafe_unlink(). Furthermore, this code contains stat() instead of lstat(). So if you have a package which contains a symlink to /dev/null (at this moment I've created such a package from a commercial application), then when you remove this package, you'll have your /dev/null chmod'ed to 000. This is really bad. That stat() call really should be an lstat(), or chmodsafe_unlink() should be used instead. bye, Egmont
