rm -rf / in Windows Subsystem for Linux reveals sharp set of teeth

Don’t run any of the commands mentioned in this article. They’re all intentionally very destructive for your Windows system. You’ve been warned.

I attempted to run rm -rf --no-preserve-root "/mnt/c" in the new Windows Subsystem for Linux. I knew it could interact with the full file system and modify and delete files, but I expected to discover that Microsoft had included some kind of protection to prevent me from doing it.

While the command runs, you’ll start noticing that Windows reverts to default program settings as applications and classic programs are fully or partially deleted from your system. You’ll also notice that customizations such as themes and desktop backgrounds start to drop out. If you haven’t realized it yet, your system is about to die.

As when you run this command under a full Linux kernel, the system will usually buckle before it manages to delete every file completely. Files currently loaded by the Windows kernel and files not writable by users in the Administrator user group in Windows will not be deleted. The command, however, will still delete large chunks of critical system files and programs in Windows.

Running the above command will delete some 12 000 files in the default Windows installation directory at C:\Windows as well as all user files in C:\Users and leave your system incapable of booting up again! While you can still carry on working in the session for quite some time, it will eventually stop responding and throw you into a blue screen. Upon restarting, Windows will be missing drivers and other required files.

Running rm -rf --no-preserve-root "/" will only destroy your installation of the Windows Subsystem for Linux. Running lxrun.exe /uninstall /full /y && lxrun.exe /install /y in the Command Prompt will reinstall it and have you back up and running in Ubuntu in no time.

That command won’t traverse the symlink to the Windows file system in the mount point and start deleting things on your C: drive. Targeting the mount point explicitly, as the first command I mentioned does, is different: nothing will stop you from gutting your system.

I halfway expected Windows’ syscall translation layer for Linux to block any such obviously destructive actions. I guess the Windows Subsystem for Linux has got some sharper teeth than I first gave it credit for. As the WSL is still in beta, Microsoft could still add some level of protection against commands like this. At the end of the day, you can’t have a powerful system shell without allowing it to do what users tell it to do.
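Since the subsystem itself offers no such protection, a guard has to live in the user's own shell. The following is an added example, not part of the original article or of WSL: a POSIX shell wrapper that refuses recursive deletes aimed at the root, a Windows drive root, or a top-level directory on a drive. The function names (resolve_path, classify_target, guarded_rm) are hypothetical, and the code assumes drives are mounted at /mnt/<letter> as described above.

```sh
# Added example; assumes Windows drives are mounted at /mnt/<letter>.

# Make a path absolute and normalized without requiring it to exist.
resolve_path() {
    # GNU realpath -m also resolves symlinks; fall back to lexical cleanup.
    if p=$(realpath -m -- "$1" 2>/dev/null); then printf '%s\n' "$p"; return; fi
    case $1 in /*) p=$1 ;; *) p=$PWD/$1 ;; esac
    out=; old_ifs=$IFS; IFS=/; set -f
    for seg in $p; do
        case $seg in
            ''|.) ;;
            ..) out=${out%/*} ;;
            *) out=$out/$seg ;;
        esac
    done
    set +f; IFS=$old_ifs
    printf '%s\n' "${out:-/}"
}

# "block" for /, a drive root, or a top-level directory on a drive
# (such as /mnt/c/Windows or /mnt/c/Users); "allow" for anything else.
classify_target() {
    case $(resolve_path "$1") in
        / | /mnt/[a-zA-Z]) echo block ;;
        /mnt/[a-zA-Z]/*/*) echo allow ;;
        /mnt/[a-zA-Z]/*) echo block ;;
        *) echo allow ;;
    esac
}

# Hypothetical wrapper: refuse recursive deletes of blocked targets.
guarded_rm() {
    recursive=no
    for a in "$@"; do
        case $a in
            --recursive) recursive=yes ;;
            --*) ;;
            -*[rR]*) recursive=yes ;;
        esac
    done
    for a in "$@"; do
        case $a in -*) continue ;; esac
        if [ "$recursive" = yes ] && [ "$(classify_target "$a")" = block ]; then
            echo "guarded_rm: refusing recursive delete of $a" >&2
            return 1
        fi
    done
    command rm "$@"
}
```

Defining the wrapper as an alias or function for interactive shells only affects commands typed there; scripts and other programs that call rm directly are not covered.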