diff -r bc88690df059 Lib/os.py
--- a/Lib/os.py	Tue Jan 29 13:35:00 2013 +0100
+++ b/Lib/os.py	Tue Jan 29 14:01:24 2013 +0100
@@ -439,7 +439,7 @@ if {open, stat} <= supports_dir_fd and {
         # Note: To guard against symlink races, we use the standard
         # lstat()/open()/fstat() trick.
         orig_st = stat(top, follow_symlinks=False, dir_fd=dir_fd)
-        topfd = open(top, O_RDONLY, dir_fd=dir_fd)
+        topfd = open(top, O_RDONLY, dir_fd=dir_fd, cloexec=True)
         try:
             if (follow_symlinks or (st.S_ISDIR(orig_st.st_mode) and
                                     path.samestat(orig_st, stat(topfd)))):
@@ -479,7 +479,7 @@ if {open, stat} <= supports_dir_fd and {
         for name in dirs:
             try:
                 orig_st = stat(name, dir_fd=topfd, follow_symlinks=follow_symlinks)
-                dirfd = open(name, O_RDONLY, dir_fd=topfd)
+                dirfd = open(name, O_RDONLY, dir_fd=topfd, cloexec=True)
             except OSError as err:
                 if onerror is not None:
                     onerror(err)
diff -r bc88690df059 Lib/shutil.py
--- a/Lib/shutil.py	Tue Jan 29 13:35:00 2013 +0100
+++ b/Lib/shutil.py	Tue Jan 29 14:01:24 2013 +0100
@@ -104,8 +104,8 @@ def copyfile(src, dst, *, follow_symlink
     if not follow_symlinks and os.path.islink(src):
         os.symlink(os.readlink(src), dst)
     else:
-        with open(src, 'rb') as fsrc:
-            with open(dst, 'wb') as fdst:
+        with open(src, 'rb', cloexec=True) as fsrc:
+            with open(dst, 'wb', cloexec=True) as fdst:
                 copyfileobj(fsrc, fdst)
     return dst
 
@@ -386,7 +386,7 @@ def _rmtree_safe_fd(topfd, path, onerror
             mode = 0
         if stat.S_ISDIR(mode):
             try:
-                dirfd = os.open(name, os.O_RDONLY, dir_fd=topfd)
+                dirfd = os.open(name, os.O_RDONLY, dir_fd=topfd, cloexec=True)
             except OSError:
                 onerror(os.open, fullname, sys.exc_info())
             else:
@@ -448,7 +448,7 @@ def rmtree(path, ignore_errors=False, on
             onerror(os.lstat, path, sys.exc_info())
             return
         try:
-            fd = os.open(path, os.O_RDONLY)
+            fd = os.open(path, os.O_RDONLY, cloexec=True)
         except Exception:
             onerror(os.lstat, path, sys.exc_info())
             return
@@ -875,7 +875,7 @@ def _unpack_zipfile(filename, extract_di
             if not name.endswith('/'):
                 # file
                 data = zip.read(info.filename)
-                f = open(target, 'wb')
+                f = open(target, 'wb', cloexec=True)
                 try:
                     f.write(data)
                 finally: