Hi Paul, > (opendirat, diropen): Use O_CLOEXEC instead of set_cloexec_flag.
There are platforms which support O_CLOEXEC; on these platforms this commit is an improvement (eliminate uncontrolled inheritance of fd if another thread calls fork+exec()). There are also platforms which don't support O_CLOEXEC; on these platforms gnulib's fcntl.h substitute defines O_CLOEXEC to 0. So, adding it to the open() or openat() arguments has no effect, and eliminating the set_cloexec_flag is a regression: it introduces unwanted inheritance of fd even in single-threaded programs. Or did I miss something? lib/popen-safer.c contains a helper function open_noinherit that (a) is race-free on platformas which support O_CLOEXEC, (b) prevents unwanted inheritance of fd in single-threaded programs. How about - moving this helper function to a separate module, - adding a similar helper function for openat(), - using these instead of unconditional uses of O_CLOEXEC ? Alternatively, define O_CLOEXEC to a non-zero value on those platforms that don't support it, and extend gnulib's open() and openat() wrappers to support O_CLOEXEC. But this is more hairy because the platforms could, at any time, introduce other O_* flags that happen to collide wit the value we happen to pick for O_CLOEXEC. Bruno
