diff --git a/src/common/util.c b/src/common/util.c
index efa0335012..421da3560c 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -2986,7 +2986,7 @@ tor_spawn_background(const char *const filename, int *stdout_read,
     child_state = CHILD_STATE_REDIRECT;
 
     /* Link stdin to /dev/null */
-    fd = open("/dev/null", O_RDONLY);
+    fd = open("/dev/null", O_RDONLY); /* NOT cloexec, obviously. */
     if (fd != -1)
       dup2(STDIN_FILENO, fd);
     else
@@ -2994,11 +2994,18 @@ tor_spawn_background(const char *const filename, int *stdout_read,
 
     child_state = CHILD_STATE_CLOSEFD;
 
+    close(stderr_pipe[0]);
+    close(stderr_pipe[1]);
+    close(stdout_pipe[0]);
+    close(stdout_pipe[1]);
+    close(fd);
+
     /* Close all other fds, including the read end of the pipe */
-    /* XXX: use closefrom if available, or better still set FD_CLOEXEC
-       on all of Tor's open files */
-    for (fd = STDERR_FILENO + 1; fd < max_fd; fd++)
+    /* XXX: We should now be doing enough FD_CLOEXEC setting to make
+     * this needless. */
+    for (fd = STDERR_FILENO + 1; fd < max_fd; fd++) {
       close(fd);
+    }
 
     child_state = CHILD_STATE_EXEC;