
On Wed, 17 Oct 2007, Brandon S. Allbery KF8NH wrote: ...
Well, security folks (professional paranoids :) tend to consider passing anything other than standard file descriptors to arbitrary subprocesses to be a potential uncontrolled information leak. There *are* times when you want to care about this, but in general there is a tradeoff between secure and usable so most practical systems take the middle road and make the programmer do fd swizzling by hand if they need special behavior in either direction (either more or less sharing, that is). (Early Unix, on the other hand, erred toward the permissive/promiscuous, cf. your NetBSD source comparison.)
My source observations may have been ambiguous. Old NetBSD popen closed all fds, current NetBSD popen closes only popen fds.

Donn Cave, donn@drizzle.com
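
The descriptor inheritance discussed in this thread can be checked directly. The following C program is an added example, not code from either poster or from NetBSD: it opens one extra descriptor and asks an exec'd `/bin/sh` whether it can still use it under three policies (default inheritance, `FD_CLOEXEC`, and closing everything above stderr by hand in the child). The names `child_sees_fd` and `enum policy` are hypothetical, and `/dev/null` is a constructed stand-in for a sensitive file.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum policy { INHERIT, CLOEXEC, CLOSE_ALL };

/* Returns 1 if an exec'd /bin/sh can still use the parent's extra
 * descriptor, 0 if it cannot, -1 on setup error. */
int child_sees_fd(enum policy p)
{
    /* Constructed stand-in for a sensitive descriptor (key file, socket). */
    int fd = open("/dev/null", O_RDONLY);
    if (fd < 0)
        return -1;
    if (p == CLOEXEC && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    /* The shell redirection "<&N" fails when descriptor N is not open. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; : <&%d", fd);

    pid_t pid = fork();
    if (pid == 0) {
        if (p == CLOSE_ALL) {
            /* By hand: keep only stdin/stdout/stderr. The scan is capped
             * at 1024 for this demo; the real limit is RLIMIT_NOFILE. */
            for (int i = 3; i < 1024; i++)
                close(i);
        }
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(fd);
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("inherited by default: %d\n", child_sees_fd(INHERIT));
    printf("FD_CLOEXEC set:       %d\n", child_sees_fd(CLOEXEC));
    printf("child closes fds > 2: %d\n", child_sees_fd(CLOSE_ALL));
    return 0;
}
```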