Subject: Re: Ensuring set{g,u}id processes have fd 0, 1, & 2 allocated.
To: David Brownlee <abs@anim.dreamworks.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 01/10/1999 16:17:47

On Sun, Jan 10, 1999 at 11:56:25AM -0800, David Brownlee wrote:
> 	OpenBSD does this in kern_exec.c
> 
> http://www.openbsd.org/cgi-bin/cvsweb/src/sys/kern/kern_exec.c?r1=1.19&r2=1.20
> 
> 	this avoids attacks that involve closing one or more of fd{0,1,2}
> 	and running a setuid program that opens a file descriptor for
> 	any reason then tries to use one of the standard descriptors.
> 
> 	The other approach would be to modify every set{g,u}id program
> 	to exit if any of the three descriptors are closed.
> 
> 	Would anyone object if the above patch was added to NetBSD?

I suspect it may violate POSIX, but failing that, no.
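
Added example, not part of the original message and not the OpenBSD patch: a user-space sketch of the "other approach" from the quoted text, in which a set{g,u}id program checks descriptors 0, 1 and 2 at startup. The function name `ensure_std_fds` and the choice to point closed descriptors at `/dev/null` (rather than exit immediately) are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical helper: call first thing in main() of a set{g,u}id program.
 * Returns the number of standard descriptors that were closed and have now
 * been pointed at /dev/null, or -1 if the state could not be made safe
 * (the caller should then exit without opening anything else).
 */
int ensure_std_fds(void)
{
    int filled = 0;

    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;                 /* descriptor is already open */
        if (errno != EBADF)
            return -1;                /* unexpected failure */

        /*
         * open() hands out the lowest free descriptor. Every descriptor
         * below fd is known to be open at this point, so the result must
         * be fd itself. This same rule is what lets an unrelated file land
         * on a closed standard descriptor when no check is made.
         */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;
        if (nfd != fd) {              /* raced or inconsistent state */
            close(nfd);
            return -1;
        }
        filled++;
    }
    return filled;
}

int main(void)
{
    if (ensure_std_fds() == -1)
        _exit(1);                     /* refuse to run with unsafe fds */
    /* ... privileged work that may open files and write to stderr ... */
    return 0;
}
```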