closefrom() would only work if
1) it was a system call and thus could enforce atomicity
2) glibc took out a lock also taken by open(), dup(), et al, which means
yet more locking around those functions, harming performance
If you're adding a new system call anyway, why not adjust things so that
the *already existing* close-on-exec flag works properly, rather than
adding more band-aids atop the system to compensate for the unreliability
of the existing flag?