I was wondering - does anyone know why not just change the default so
that ALL FD's are close on exec. That would seem to be the more secure
I know there are places (inetd to network daemons) where passing the
FD's in via exec is standard, but it would seem to be those would be the
exception rather than the rule.
I'm sure this was thought about, and probably tested, I'm mostly just
curious about where it ran into trouble.