The attached patch changes a number of system library functions to set
the O_CLOEXEC flag immediately while the file is being opened.
This will assure that there will be no time window between opening the file
and setting the close-on-exec flag.
Esp. in a threaded program even the small time window could cause the file
descriptors being leaked to a child program, if another independent library
module decides to call exec() inside another thread while the new file has
been opened but the close-on-exec flag has not been set yet.
This patch requires as a precondition the second enhanced version of
the patch to
Fix: Find the patch attached.
Patch attached with submission follows:
How-To-Repeat: See full description above.
The libfetch portion of the patch was committed in r289420 in late 2015. I can't speak for the rest.