The closefrom emulation is racy and can miss file descriptors as it closes file descriptors while it iterates over the list of open file descriptors. You have to extract a complete list of file descriptors and then close them. This problem has probably been hidden because readdir buffers directory results and reads a bunch of them at once. Also, personally I'd rather have closefrom abort on errors then fall back to a bad implementation (although I know you'll probably disagree) and I'd check every function call for errors (you missed readdir and closedir). For normal usage checking readdir and closedir for errors probably doesn't apply but when people do strange things like use Seccomp or miswrite a signal handler weird things can happen and so not checking for errors just makes it harder to track down bugs.
Hi! This is fixed now in git master, and will be included in the upcoming release which should happen within the coming couple of weeks at most.
This has now been released as part of libbsd 0.8.0.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.