I don't think we should keep these fds around on exec. OK?
Index: privsep.c =================================================================== RCS file: /cvs/src/usr.sbin/syslogd/privsep.c,v retrieving revision 1.71 diff -u -p -r1.71 privsep.c --- privsep.c 5 Jul 2019 13:23:27 -0000 1.71 +++ privsep.c 16 Sep 2020 09:59:36 -0000 @@ -519,6 +519,7 @@ open_pipe(char *cmd) if (dup2(fd[0], STDIN_FILENO) == -1) err(1, "dup2 failed"); + closefrom(STDERR_FILENO + 1); if (execv("/bin/sh", argp) == -1) err(1, "execv %s", cmd); /* NOTREACHED */