> Currently, programs can use fcntl() to change an open file descriptor to
> have the close-on-exec property, but there is always a window in time
> between the creation of the descriptor and changing its behavior. Another
> thread could do an exec() call in that window, leaking a potentially
> sensitive file descriptor into the newly run program. Closing that window
> requires an in-kernel solution.
No, it doesn't! Simple locking between threads would easily fix the race. See
https://bugzilla.redhat.com/show_bug.cgi?id=233481 for an example. The problem with this
approach appears to be poor performance.