diff -up dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC dhcp-4.0.0/client/dhclient.c
--- dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC	2008-08-01 11:02:35.000000000 -1000
+++ dhcp-4.0.0/client/dhclient.c	2008-08-01 11:14:01.000000000 -1000
@@ -2696,6 +2696,7 @@ int leases_written = 0;
 
 void rewrite_client_leases ()
 {
+	int fd, flags;
 	struct interface_info *ip;
 	struct client_state *client;
 	struct client_lease *lp;
@@ -2708,6 +2709,23 @@ void rewrite_client_leases ()
 		return;
 	}
 
+	if ((fd = fileno(leaseFile)) == -1) {
+		log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+		return;
+	}
+
+	if ((flags = fcntl(fd, F_GETFD)) == -1) {
+		log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+		return;
+	}
+
+	flags |= FD_CLOEXEC;
+
+	if (fcntl(fd, F_SETFD, flags) == -1) {
+		log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+		return;
+	}
+
 	/* If there is a default duid, write it out. */
 	if (default_duid.len != 0)
 		write_duid(&default_duid);
@@ -2800,7 +2818,7 @@ static isc_result_t
 write_duid(struct data_string *duid)
 {
 	char *str;
-	int stat;
+	int stat, flags, fd;
 
 	if ((duid == NULL) || (duid->len <= 2))
 		return ISC_R_INVALIDARG;
@@ -2811,6 +2829,23 @@ write_duid(struct data_string *duid)
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
 		}
+
+		if ((fd = fileno(leaseFile)) == -1) {
+			log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+			return ISC_R_IOERROR;
+		}
+
+		if ((flags = fcntl(fd, F_GETFD)) == -1) {
+			log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+			return ISC_R_IOERROR;
+		}
+
+		flags |= FD_CLOEXEC;
+
+		if (fcntl(fd, F_SETFD, flags) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
 	}
 
 	/* It would make more sense to write this as a hex string,
@@ -2840,7 +2875,7 @@ write_client6_lease(struct client_state 
 {
 	struct dhc6_ia *ia;
 	struct dhc6_addr *addr;
-	int stat;
+	int stat, flags, fd;
 
 	/* This should include the current lease. */
 	if (!rewrite && (leases_written++ > 20)) {
@@ -2858,6 +2893,23 @@ write_client6_lease(struct client_state 
 			log_error("can't create %s: %m", path_dhclient_db);
 			return ISC_R_IOERROR;
 		}
+
+		if ((fd = fileno(leaseFile)) == -1) {
+			log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+			return ISC_R_IOERROR;
+		}
+
+		if ((flags = fcntl(fd, F_GETFD)) == -1) {
+			log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+			return ISC_R_IOERROR;
+		}
+
+		flags |= FD_CLOEXEC;
+
+		if (fcntl(fd, F_SETFD, flags) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
 	}
 
 	stat = fprintf(leaseFile, "lease6 {\n");
@@ -2940,6 +2992,7 @@ int write_client_lease (client, lease, r
 {
 	struct data_string ds;
 	int errors = 0;
+	int flags, fd;
 	char *s;
 	const char *tval;
 
@@ -2961,6 +3014,23 @@ int write_client_lease (client, lease, r
 			log_error ("can't create %s: %m", path_dhclient_db);
 			return 0;
 		}
+
+		if ((fd = fileno(leaseFile)) == -1) {
+			log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno));
+			return ISC_R_IOERROR;
+		}
+
+		if ((flags = fcntl(fd, F_GETFD)) == -1) {
+			log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno));
+			return ISC_R_IOERROR;
+		}
+
+		flags |= FD_CLOEXEC;
+
+		if (fcntl(fd, F_SETFD, flags) == -1) {
+			log_error ("failed to set close-on-exec for %s", path_dhclient_db);
+			return ISC_R_IOERROR;
+		}
 	}
 
 	errno = 0;