Comment 7 for bug 1862348

Maximilien Bourgeteau (mbourget) wrote :

Yes, shutil.rmtree can be vulnerable to symlink attacks; the Python 3 documentation has a special note about it (https://docs.python.org/3/library/shutil.html#shutil.rmtree):

"On platforms that support the necessary fd-based functions a symlink attack resistant version of rmtree() is used by default. On other platforms, the rmtree() implementation is susceptible to a symlink attack: given proper timing and circumstances, attackers can manipulate symlinks on the filesystem to delete files they wouldn’t be able to access otherwise. Applications can use the rmtree.avoids_symlink_attacks function attribute to determine which case applies."

@alexmurray I think Marc's approach is a better choice than my suggestions because only root can write into /run, which avoids any symlink trickery (as far as I know).
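An added example, not part of the comment above or of any patch on this bug: a guard that combines the two conditions the comment mentions, the `rmtree.avoids_symlink_attacks` attribute and a directory that only trusted users can write to (the /run argument). The names `guarded_rmtree` and `only_trusted_writers` are hypothetical, and a POSIX system is assumed.

```python
import os
import shutil
import stat
import tempfile


def only_trusted_writers(directory):
    """True if `directory` is owned by root or us and is not group/other-writable."""
    st = os.stat(directory)
    return st.st_uid in (0, os.geteuid()) and not st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)


def guarded_rmtree(path, fd_safe=None):
    """Hypothetical wrapper: delete `path` only when a symlink swap is ruled out."""
    if fd_safe is None:
        # Real attribute from the quoted documentation; True where rmtree is fd-based.
        fd_safe = shutil.rmtree.avoids_symlink_attacks
    if os.path.islink(path):
        raise OSError(f"refusing to follow symlink: {path}")
    if not fd_safe:
        # Fallback argument from the comment: nobody else can write here, as with
        # root-only /run. Checks the tree root and its parent, not the interior.
        parent = os.path.dirname(os.path.abspath(path))
        for d in (parent, path):
            if not only_trusted_writers(d):
                raise PermissionError(f"{d} is writable by other users")
    shutil.rmtree(path)
    return True


if __name__ == "__main__":
    base = tempfile.mkdtemp()          # constructed sample tree
    target = os.path.join(base, "cache")
    os.makedirs(os.path.join(target, "sub"))
    os.chmod(target, 0o700)
    print("fd-based rmtree:", shutil.rmtree.avoids_symlink_attacks)
    print("removed:", guarded_rmtree(target, fd_safe=False))
    shutil.rmtree(base)
```

Passing `fd_safe=False` forces the fallback path so the ownership check can be exercised on a platform where the fd-based `rmtree()` is available.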