So, if I've opened fd 16 and I'm about to run a sub-process which will use this new descriptor (perhaps I thought to pass '16' as an argument to exec), then I should...

- Use dup to copy fd 3 somewhere else, and ensure all of my code can cope with this, perhaps by entirely replacing file descriptors and anything that uses them (FILE * etc.) with my own
- Close the now unused fd 3 and replace it with a copy of fd 16 using dup2, then close that too, incurring all the above problems again
Are you sure this is simpler than fixing the design by adding close-on-exec as a potential property of all descriptors from birth?
Your approach clearly solves only a fraction of the problem (it doesn't consider fork + exec by sub-routines you didn't write, e.g. in libraries, which is the most serious problem CLOEXEC fixes), yet it incurs most of the same costs as the fix that's already been chosen and pushed.
That's not to say that closefrom() isn't an interesting API, and one which might be welcome in
Linux, but just that it doesn't actually appear to be a simpler solution, just an incomplete
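An added illustration of the property the comment is arguing for (this is example code, not part of the comment or of any kernel patch): a descriptor is inherited across exec by default, but not when it carries close-on-exec, whether set with O_CLOEXEC at open time or retrofitted with fcntl(FD_CLOEXEC). It assumes /bin/sh and /dev/null exist; the child shell stands in for a sub-process spawned by code you didn't write.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum { INHERIT = 0, CLOEXEC_AT_OPEN = 1, CLOEXEC_VIA_FCNTL = 2 };

/* Marks an already-open descriptor close-on-exec (the retrofit path). */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Opens /dev/null according to `mode`, then fork+execs /bin/sh and asks it
 * to redirect from that fd number. Returns 1 if the child still had the fd,
 * 0 if exec closed it, -1 on a setup error. */
int fd_survives_exec(int mode)
{
    int fd = open("/dev/null", O_RDONLY | (mode == CLOEXEC_AT_OPEN ? O_CLOEXEC : 0));
    if (fd < 0) return -1;
    if (mode == CLOEXEC_VIA_FCNTL && set_cloexec(fd) < 0) { close(fd); return -1; }

    /* The `<&N` redirection fails (non-zero exit) if fd N is gone in the child. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "true 2>/dev/null <&%d", fd);

    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);  /* exec itself failed */
    }
    int status;
    int rc = waitpid(pid, &status, 0);
    close(fd);
    if (rc < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 127) return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("plain fd open in child:        %d\n", fd_survives_exec(INHERIT));
    printf("O_CLOEXEC fd open in child:    %d\n", fd_survives_exec(CLOEXEC_AT_OPEN));
    printf("fcntl FD_CLOEXEC fd in child:  %d\n", fd_survives_exec(CLOEXEC_VIA_FCNTL));
    return 0;
}
```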