Closing files after fork

Matt Selsky Matthew.Selsky at
Wed Aug 25 09:47:51 UTC 2021

> Nobody responded to my request, so I'll assume it isn't needed and start
working on deleting it.

> In hindsight, I'm surprised that Eric didn't remove it ages ago.  (Or add a
comment about why it is necessary.)

Hi Hal,

I think we close all FDs in order to reduce the number of FDs open with our old security context. Eg, if we seteuid() after fork, we want to drop all FDs opened with root privileges.

This seems like a reasonable practice that we should leave in place.


More information about the devel mailing list