rm -rf / in Windows Subsystem for Linux reveals sharp set of teeth

Don’t run any commands mentioned in this article. They’re intentionally very destructive for your Windows system.

I had a go at running rm -rf --no-preserve-root "/mnt/c" in the new Windows Subsystem for Linux. I knew I could interact with the full file system and modify and delete files, but I didn’t expect it to be as potent as it turned out to be.

While the command runs, you’ll start to notice Windows reverting to default program settings as applications and classic programs are fully or partially deleted from your system. You’ll also notice that customizations such as themes and desktop backgrounds start to drop out. If you haven’t realized it yet, your system is about to die.

As when you run this command under a full Linux kernel, the system will usually buckle before it manages to delete every file. Files currently loaded by the Windows kernel and files not writable by users in the Administrator user group in Windows will not be deleted. Even so, the command will still delete large chunks of critical system files and programs in Windows.

Running the above command will delete some 12 000 files in the default Windows installation directory at C:\Windows as well as all user files in C:\Users and leave your system incapable of booting up again! While you can still carry on working in the session for quite some time, it will eventually stop responding and throw you into a blue screen. Upon restarting, Windows will be missing drivers and other required files.

Running rm -rf --no-preserve-root "/" will only destroy your installation of the Windows Subsystem for Linux. It will not traverse the symlink to the Windows file system in the mount point and start deleting things on your C: drive. Running lxrun.exe /uninstall /full /y && lxrun.exe /install /y in the Command Prompt will reinstall it and have you back up and running in Ubuntu in no time. Target the mount point explicitly with the first command I mentioned, however, and nothing will stop you from gutting your system.

I actually expected Windows’ Syscall translation layer for Linux to block any such clearly destructive actions. I guess the Windows Subsystem for Linux has got some sharper teeth than I first gave it credit for. As the WSL is still in beta, Microsoft could still add some level of protections against commands like this. At the end of the day, however, you can’t have a powerful system shell without allowing it to do what users tell it to do.
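A user-side guard of the kind discussed above, as an added example that is not part of the original post or of WSL itself. The function names and the policy (which paths count as protected) are assumptions for illustration; it relies on GNU coreutils for realpath -m and rm --one-file-system, and on Windows drives appearing under /mnt/<letter> as /mnt/c does in this article.

```shell
#!/usr/bin/env bash
# Added example (not from the article): a guard in front of rm for WSL shells.
# Assumed policy: never delete /, a Windows drive root under /mnt/<letter>,
# a first-level directory on such a drive, or anything inside its Windows dir.

# Return 0 when the path is a protected target, 1 otherwise.
is_protected_target() {
    local canon lower
    # realpath -m (GNU coreutils) canonicalizes without requiring the path
    # to exist, so "..", symlinks and trailing slashes cannot hide the target.
    canon=$(realpath -m -- "$1") || return 0    # fail closed
    # Windows paths are case-insensitive, so compare in lower case.
    lower=$(printf '%s' "$canon" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        /|/mnt/[a-z]) return 0 ;;                             # root, drive root
        /mnt/[a-z]/windows|/mnt/[a-z]/windows/*) return 0 ;;  # system files
        /mnt/[a-z]/*/*) return 1 ;;                           # deeper user paths
        /mnt/[a-z]/*) return 0 ;;                             # e.g. Users
        *) return 1 ;;
    esac
}

# Drop-in wrapper: refuse protected operands, then call the real rm.
guarded_rm() {
    local arg opts_done=0
    for arg in "$@"; do
        if [ "$opts_done" -eq 0 ]; then
            case "$arg" in
                --) opts_done=1; continue ;;
                -*) continue ;;                 # option, not an operand
            esac
        fi
        if is_protected_target "$arg"; then
            printf 'guarded_rm: refusing to delete %s\n' "$arg" >&2
            return 1
        fi
    done
    # --one-file-system stops a recursive delete from descending into
    # directories that live on a different file system than the operand.
    command rm --one-file-system "$@"
}
```

Sourcing this file and adding alias rm=guarded_rm in an interactive shell puts the check in front of every rm typed there; scripts that call /bin/rm directly are not covered.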

5 thoughts on “rm -rf / in Windows Subsystem for Linux reveals sharp set of teeth”

  1. Turns out running a command which recursively deletes files forcefully does in fact recursively delete files forcefully.

  2. Like Tim said. Note that this isn’t really anything evil or wrong at all about WSL, and in fact MS should NOT put any safeguards in place to prevent it – it’s working as designed and intended – it did *exactly* what you very explicitly told it to do!

    The WSL user is limited to the permissions of the Windows user that launched it, but an ordinary Windows user (especially if not on an AD-locked-down PC) can do quite a bit of damage without being Administrator.

    What’s the difference, really, between this and running a roughly equivalently destructive DEL command? (Say, something like “DEL /F /S /Q C:\*” I’m not a DOS/CMD syntax expert anymore, but that’s probably close…) Either way, if you do something that stupid, you pay the price…
