GNU bug report logs - #79218
BUG: sudo rm -rf /* removes without --no-preserve-root

Previous Next

Full log

View this message in rfc822 format

From: Pádraig Brady <P <at> draigBrady.com>
To: Doctorixx <jebpip2008 <at> gmail.com>, 79218 <at> debbugs.gnu.org
Subject: bug#79218: BUG: sudo rm -rf /* removes without --no-preserve-root
Date: Mon, 11 Aug 2025 17:00:38 +0100

On 11/08/2025 11:16, Doctorixx wrote:
> Hello coreutils maintainers,
> 
> I noticed a potentially dangerous difference in how rm handles the / and /*
> patterns.
> 
> Currently:
> 
> $ sudo rm -rf /
> rm: it is dangerous to operate recursively on '/'
> rm: use --no-preserve-root to override this failsafe
> 
> This prevents accidental deletion of the root directory.
> 
> However:
> 
> $ sudo rm -rf /*
> 
> This command will proceed to remove the contents of /, effectively
> destroying the system, without any warning.
> 
> While this is technically correct according to shell expansion rules, it
> may be surprising for some users. People might assume /* is just as
> protected as /, but the safeguard doesn’t apply.
> 
> P.S.: I removed root(

Unfortunately, rm doesn't see the "/*", it only see's the individual paths,
as the shell does the expansion before executing rm.

A more problematic expansion might be inadvertently adding a space after ~/.
For example if you wanted to `rm -Rf ~/foo/` but instead did `rm -Rf ~/ foo/`.
This is something we could potentially protect against I suppose.

cheers,
Padraig

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.