diff --git a/unix/uxproxy.c b/unix/uxproxy.c
index 209991fc..f4e67589 100644
--- a/unix/uxproxy.c
+++ b/unix/uxproxy.c
@@ -265,6 +265,8 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
 	ret->error = dupprintf("pipe: %s", strerror(errno));
 	return (Socket)ret;
     }
+    cloexec(to_cmd_pipe[1]);
+    cloexec(from_cmd_pipe[0]);
 
     pid = fork();
 
@@ -272,13 +274,12 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
 	ret->error = dupprintf("fork: %s", strerror(errno));
 	return (Socket)ret;
     } else if (pid == 0) {
-	int i;
 	close(0);
 	close(1);
 	dup2(to_cmd_pipe[0], 0);
 	dup2(from_cmd_pipe[1], 1);
-	for (i = 3; i < 127; i++)
-	    close(i);
+	close(to_cmd_pipe[0]);
+	close(from_cmd_pipe[1]);
 	fcntl(0, F_SETFD, 0);
 	fcntl(1, F_SETFD, 0);
 	execl("/bin/sh", "sh", "-c", cmd, (void *)NULL);
diff --git a/unix/uxpty.c b/unix/uxpty.c
index cc01a67b..f79b974f 100644
--- a/unix/uxpty.c
+++ b/unix/uxpty.c
@@ -414,6 +414,8 @@ void pty_pre_init(void)
 	perror("pterm: pipe");
 	exit(1);
     }
+    cloexec(pipefd[0]);
+    cloexec(pipefd[1]);
     pid = fork();
     if (pid < 0) {
 	perror("pterm: fork");
@@ -755,7 +757,6 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
     }
 
     if (pid == 0) {
-	int i;
 	/*
 	 * We are the child.
 	 */
@@ -771,6 +772,7 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
 	dup2(slavefd, 0);
 	dup2(slavefd, 1);
 	dup2(slavefd, 2);
+	close(slavefd);
 	setsid();
 #ifdef TIOCSCTTY
 	ioctl(slavefd, TIOCSCTTY, 1);
@@ -780,9 +782,6 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
 	setpgid(pgrp, pgrp);
 	close(open(pty->name, O_WRONLY, 0));
 	setpgid(pgrp, pgrp);
-	/* Close everything _else_, for tidiness. */
-	for (i = 3; i < 1024; i++)
-	    close(i);
 	{
 	    char *term_env_var = dupprintf("TERM=%s", cfg->termtype);
 	    putenv(term_env_var);
@@ -863,9 +862,13 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
 	add234(ptys_by_pid, pty);
     }
 
-    if (pty_signal_pipe[0] < 0 && pipe(pty_signal_pipe) < 0) {
-	perror("pipe");
-	exit(1);
+    if (pty_signal_pipe[0] < 0) {
+	if (pipe(pty_signal_pipe) < 0) {
+	    perror("pipe");
+	    exit(1);
+	}
+	cloexec(pty_signal_pipe[0]);
+	cloexec(pty_signal_pipe[1]);
     }
     pty_uxsel_setup(pty);