On Thu, Dec 09, 2021 at 08:49:19AM -0700, Todd C. Miller wrote:
> I think you should just not check the return value of closefrom().
> It is void on Solaris where it originated, OpenBSD is the outlier
> here because it is a syscall.

Fair enough. I will commit Anna's original patch then.

OpenBSD's closefrom(2) man page suggests that things could go wrong
by way of close(2) failures (such as EINTR). I cannot judge the
impact of such failures. I suppose an error could leave some files
open which should be closed before exec(), and leave such files
exposed to the child process? Could this be triggered deliberately
by sending signals to the process?

> Or you can just set the close-on-exec flag for all the fds you open
> and avoid closefrom() altogether.

Thanks for the hint! That seems better indeed. I will try to take
a look at this at some point. The more pressing issue right now is
the build fix for -portable.