GNU bug report logs - #79218
BUG: sudo rm -rf /* removes without --no-preserve-root


Package: coreutils

Reported by: Doctorixx <jebpip2008 <at> gmail.com>

Date: Mon, 11 Aug 2025 15:11:01 UTC

Severity: normal

Tags: notabug

To reply to this bug, email your comments to 79218 AT debbugs.gnu.org.



Report forwarded to bug-coreutils <at> gnu.org:
bug#79218; Package coreutils. (Mon, 11 Aug 2025 15:11:01 GMT)

Acknowledgement sent to Doctorixx <jebpip2008 <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-coreutils <at> gnu.org. (Mon, 11 Aug 2025 15:11:01 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Doctorixx <jebpip2008 <at> gmail.com>
To: bug-coreutils <at> gnu.org
Subject: BUG: sudo rm -rf /* removes without --no-preserve-root
Date: Mon, 11 Aug 2025 13:16:04 +0300
Hello coreutils maintainers,

I noticed a potentially dangerous difference in how rm handles the / and /*
patterns.

Currently:

$ sudo rm -rf /
rm: it is dangerous to operate recursively on '/'
rm: use --no-preserve-root to override this failsafe

This prevents accidental deletion of the root directory.

However:

$ sudo rm -rf /*

This command will proceed to remove the contents of /, effectively
destroying the system, without any warning.

While this is technically correct according to shell expansion rules, it
may be surprising for some users. People might assume /* is just as
protected as /, but the safeguard doesn’t apply.

P.S.: I removed root(

Information forwarded to bug-coreutils <at> gnu.org:
bug#79218; Package coreutils. (Mon, 11 Aug 2025 15:54:02 GMT)

Message #8 received at 79218 <at> debbugs.gnu.org:

From: Collin Funk <collin.funk1 <at> gmail.com>
To: Doctorixx <jebpip2008 <at> gmail.com>
Cc: 79218 <at> debbugs.gnu.org
Subject: Re: bug#79218: BUG: sudo rm -rf /* removes without --no-preserve-root
Date: Mon, 11 Aug 2025 08:53:06 -0700
Hi,

Doctorixx <jebpip2008 <at> gmail.com> writes:

> Hello coreutils maintainers,
>
> I noticed a potentially dangerous difference in how rm handles the / and /*
> patterns.
>
> Currently:
>
> $ sudo rm -rf /
> rm: it is dangerous to operate recursively on '/'
> rm: use --no-preserve-root to override this failsafe
>
> This prevents accidental deletion of the root directory.
>
> However:
>
> $ sudo rm -rf /*
>
> This command will proceed to remove the contents of /, effectively
> destroying the system, without any warning.
>
> While this is technically correct according to shell expansion rules, it
> may be surprising for some users. People might assume /* is just as
> protected as /, but the safeguard doesn’t apply.

The 'rm' command does not handle /* since globbing is handled by the
shell. So 'rm' has no way of knowing it is passed /*, it just sees file
names passed to the command-line. Here is an example:

    $ cat main.c 
    #include <stdio.h>
    #include <stdlib.h>
    int
    main (int argc, char **argv)
    {
      for (int i = 1; i < argc; ++i)
        printf ("%s\n", argv[i]);
      return EXIT_SUCCESS;
    }
    $ gcc main.c
    $ ./a.out /*
    /afs
    /bin
    /boot
    /dev
    /etc
    /home
    [...]

Collin




Information forwarded to bug-coreutils <at> gnu.org:
bug#79218; Package coreutils. (Mon, 11 Aug 2025 16:01:02 GMT)

Message #11 received at 79218 <at> debbugs.gnu.org:

From: Pádraig Brady <P <at> draigBrady.com>
To: Doctorixx <jebpip2008 <at> gmail.com>, 79218 <at> debbugs.gnu.org
Subject: Re: bug#79218: BUG: sudo rm -rf /* removes without --no-preserve-root
Date: Mon, 11 Aug 2025 17:00:38 +0100
On 11/08/2025 11:16, Doctorixx wrote:
> Hello coreutils maintainers,
> 
> I noticed a potentially dangerous difference in how rm handles the / and /*
> patterns.
> 
> Currently:
> 
> $ sudo rm -rf /
> rm: it is dangerous to operate recursively on '/'
> rm: use --no-preserve-root to override this failsafe
> 
> This prevents accidental deletion of the root directory.
> 
> However:
> 
> $ sudo rm -rf /*
> 
> This command will proceed to remove the contents of /, effectively
> destroying the system, without any warning.
> 
> While this is technically correct according to shell expansion rules, it
> may be surprising for some users. People might assume /* is just as
> protected as /, but the safeguard doesn’t apply.
> 
> P.S.: I removed root(

Unfortunately, rm doesn't see the "/*", it only sees the individual paths,
as the shell does the expansion before executing rm.

A more problematic expansion might be inadvertently adding a space after ~/.
For example if you wanted to `rm -Rf ~/foo/` but instead did `rm -Rf ~/ foo/`.
This is something we could potentially protect against I suppose.

cheers,
Padraig
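
Both replies above rest on the same fact: rm receives only the argument list the shell has already expanded. The following is an added example, not code from the thread or from coreutils, of a pre-flight check run against that list; `risky_rm_args` and the `/home/alice` value are hypothetical, and the comparison is textual only.

```shell
#!/bin/sh
# Added example: inspect the argument list exactly as rm would receive it,
# i.e. after the shell has expanded /* or split "~/ foo/" into two words.
# risky_rm_args is a hypothetical helper, not part of coreutils. It deletes
# nothing and compares text only (no symlink or ".." resolution).

# Prints "<arg>: <reason>" for every risky operand; returns 1 if any was found.
risky_rm_args() {
    rra_found=0
    rra_home=${HOME%/}
    for rra_arg in "$@"; do
        case $rra_arg in
            -*) continue ;;                 # option such as -rf, not an operand
        esac
        # Drop trailing slashes so "/home/alice/" compares equal to "/home/alice".
        rra_path=$rra_arg
        while [ "$rra_path" != "/" ] && [ "${rra_path%/}" != "$rra_path" ]; do
            rra_path=${rra_path%/}
        done
        case $rra_path in
            /)    rra_reason="root directory" ;;
            /*/*) rra_reason="" ;;          # two or more levels deep
            /*)   rra_reason="direct child of /" ;;   # what /* expands to
            *)    rra_reason="" ;;          # relative operand
        esac
        if [ -n "$rra_home" ] && [ "$rra_path" = "$rra_home" ]; then
            rra_reason="home directory"     # e.g. stray space after ~/
        fi
        if [ -n "$rra_reason" ]; then
            printf '%s: %s\n' "$rra_arg" "$rra_reason"
            rra_found=1
        fi
    done
    return "$rra_found"
}

# Constructed demo: the words the shell hands over for `rm -Rf ~/ foo/`
# when HOME is /home/alice (a made-up value).
( HOME=/home/alice
  risky_rm_args -Rf /home/alice/ foo/ ) || echo "refusing to run rm"
```

A wrapper would call the function with the same `"$@"` it is about to pass to rm and stop when it returns non-zero.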




Added tag(s) notabug. Request was from Collin Funk <collin.funk1 <at> gmail.com> to control <at> debbugs.gnu.org. (Wed, 13 Aug 2025 01:41:02 GMT)

This bug report was last modified 29 days ago.
