Component

rm

Description

The --preserve-root protection in uutils rm uses a simple path-based check (path.has_root() && path.parent().is_none()) instead of comparing device/inode numbers like GNU rm does. This means you can completely bypass the protection by pointing rm at a symlink to /.

GNU rm caches the device/inode of / at startup and compares every directory it traverses against those numbers. This makes it resistant to symlinks. Uutils just checks if the path string looks like root.

Test / Reproduction Steps

# Create a symlink to root
ln -s / /tmp/rootlink

# Try to delete something through it
rm -rf --preserve-root /tmp/rootlink/home

# GNU rm: refuses with "refusing to remove '/' (matching device/inode)"
# uutils rm: deletes /home

Impact

Critical. Anyone running rm -rf on a directory that contains a symlink to / (or subdirectories of /) will bypass --preserve-root entirely.