--- src/apprentice.c
+++ src/apprentice.c	2013-09-30 00:00:00.000000000 +0000
@@ -944,7 +944,7 @@ load_1(struct magic_set *ms, int action,
 	ssize_t len;
 	struct magic_entry me;
 
-	FILE *f = fopen(ms->file = fn, "r");
+	FILE *f = fopen(ms->file = fn, "re");
 	if (f == NULL) {
 		if (errno != ENOENT)
 			file_error(ms, errno, "cannot read magic file `%s'",
@@ -2605,7 +2605,7 @@ apprentice_map(struct magic_set *ms, con
 	if (dbname == NULL)
 		goto error;
 
-	if ((fd = open(dbname, O_RDONLY|O_BINARY)) == -1)
+	if ((fd = open(dbname, O_RDONLY|O_BINARY|O_CLOEXEC)) == -1)
 		goto error;
 
 	if (fstat(fd, &st) == -1) {
@@ -2717,7 +2717,7 @@ apprentice_compile(struct magic_set *ms,
 	if (dbname == NULL) 
 		goto out;
 
-	if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0644)) == -1) 
+	if ((fd = open(dbname, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY|O_CLOEXEC, 0644)) == -1) 
 	{
 		file_error(ms, errno, "cannot open `%s'", dbname);
 		goto out;
--- src/compress.c
+++ src/compress.c	2013-09-30 00:00:00.000000000 +0000
@@ -250,7 +250,7 @@ file_pipe2file(struct magic_set *ms, int
 #else
 	{
 		int te;
-		tfd = mkstemp(buf);
+		tfd = mkostemp(buf, O_CLOEXEC);
 		te = errno;
 		(void)unlink(buf);
 		errno = te;
--- src/file.c
+++ src/file.c	2013-09-30 00:00:00.000000000 +0000
@@ -390,7 +390,7 @@ unwrap(struct magic_set *ms, const char
 		f = stdin;
 		wid = 1;
 	} else {
-		if ((f = fopen(fn, "r")) == NULL) {
+		if ((f = fopen(fn, "re")) == NULL) {
 			(void)fprintf(stderr, "%s: Cannot open `%s' (%s).\n",
 			    progname, fn, strerror(errno));
 			return 1;
--- src/magic.c
+++ src/magic.c	2013-12-02 10:36:33.334786103 +0000
@@ -372,7 +372,7 @@ file_or_fd(struct magic_set *ms, const c
 		else
 			pos = lseek(fd, (off_t)0, SEEK_CUR);
 	} else {
-		int flags = O_RDONLY|O_BINARY;
+		int flags = O_RDONLY|O_BINARY|O_CLOEXEC;
 		int okstat = stat(inname, &sb) == 0;
 
 		if (okstat && S_ISFIFO(sb.st_mode)) {