Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)

X-seq: zsh-workers 54230
From: Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>
To: Charles Blake <charlechaud@xxxxxxxxx>
Cc: Mikael Magnusson <mikachu@xxxxxxxxx>, zsh-workers@xxxxxxx
Subject: Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
Date: Wed, 18 Mar 2026 11:04:33 -0700
Arc-authentication-results: i=1; mx.google.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=lVMR6m++KndWklgqjKOGbHTVzdDmPJTvui5B19vGbe0=; fh=RhGXLZb99TS1G/RqyEfMAIXF3cq7EemnWbpAJ2yVsQk=; b=WogYrMmOeQV9cgdtCUOdGwEyELoY51b3XOHyCU+9kREjoZXcP+7+zyIFFjhmpEcKZ2 68y4y5XXxl8MW3ZLwPfykjX7Oeyixb86y6IDReaornZ5WS7P47obe0Jrin+WxmWzWydX ceRnwTFHgbsDc/LxlgVqvjJjQ017QE+L7RCjRHm0I6GKgPyzjlsLaolQ5+OQmAdbears DKpnpAbfRgeZwYa17EDB16BcTwrhnfq8ZtwuBM0y6Kr+b6KMBfWTe8O4DRzLtkMzdrrD bYq//+ThyBV7+8mn5wZqXz4yBm6jx6dZTsvI2uGp22ldMc2Bekt6fX4kxFvjuxg7M5vV l3tA==; darn=zsh.org
Arc-seal: i=1; a=rsa-sha256; t=1773857085; cv=none; d=google.com; s=arc-20240605; b=dB89AFJPDIuE/3RBn147BWUg6DbpXVgKM+PWPdq1YGBOZctQJjFUdDz/UDwdftN3l9 JfIHEkyr55f3iDtbLTm60u+T8rVh9kkRnDyhNYwrmvi6xTjWK42V0Z9+yXNptg7j4yUl 7DY+WmNxdWX4SFe873nPOemX4gmLN1WZRDGGYDwOVtIrqWLt4FhrSol15T60QZaXlIOm V0kt8wQU2mV7UoOzdcofUi3GEj5m+NZsPLTWEX5xMZhi8uqsFHm/3hB0xnnkwOrMVOiZ ryk0CINNtC28nW07FZLH4994t2ek/C0Mi0E1QwH5GsvEXTWGc/XO80OmFHGNG0NY1aqv o4KA==
Archived-at: <https://zsh.org/workers/54230>
In-reply-to: <CAKiz1a-vopsGTHvKK43k2=7fRraWsB2UvXfqdcjFgYBOu0CLxQ@mail.gmail.com>
List-id: <zsh-workers.zsh.org>
References: <CAKiz1a_OLEGqSGpQ9wsVW_rriO35uiRfMkJV=FaOLAywyC3-qQ@mail.gmail.com> <CAHYJk3R72BuyuSg57eC+46bQwEPBg+3V9+UO42GNQT__tiYcww@mail.gmail.com> <CAKiz1a9=4CJAuBWcLcrukaORsWtOuHSGtpKjR4Dyv-qGiDiq+A@mail.gmail.com> <CAHYJk3QCw7g6HKhA+6NHEO+OjxehQVVdyctkhUE1ruZ54E-0iw@mail.gmail.com> <CAKiz1a-vopsGTHvKK43k2=7fRraWsB2UvXfqdcjFgYBOu0CLxQ@mail.gmail.com>

On Wed, Mar 18, 2026 at 9:53 AM Charles Blake <charlechaud@xxxxxxxxx> wrote:
>
> I appreciate the cautious mindset, but I still think the analogy is
> inapt.  There is no new execution path here - only segregated
> destinations rather than smooshed together stderr and even then only
> when tracing is active.

Consider ZSH_XTRACE_FILE=$HOME/.zshenv for an example of where things
could go badly wrong.

> ZSH_XTRACEFD was discussed from 2019-05-17 all the way to 2020-05-05.
> This objection was not raised in spite of shell shock being much more
> recent at the time and main Zsh contributors participating.

That's quite possibly because ZSH_XTRACEFD does not suffer from the same issue.

With ZSH_XTRACE_FILE, the shell is being asked to perform an open()
system call on an arbitrary path, and then write to it.  This is
inherently dangerous in the context of e.g. a script that otherwise
would not take those actions.

With ZSH_XTRACEFD, the descriptor must already exist -- the
surrounding environment is tasked with opening files/pipes/etc. with
proper permissions, all zsh is required to do is write to the file.

Follow-Ups:
- Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
  - From: Bart Schaefer

References:
- ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
  - From: Charles Blake
- Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
  - From: Mikael Magnusson
- Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
  - From: Charles Blake
- Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
  - From: Mikael Magnusson
- Re: ZSH_XTRACE_FILE (instead of ZSH_XTRACEFD)
  - From: Charles Blake

Messages sorted by: Reverse Date, Date, Thread, Author