diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index 5bdd49bac0..467f165974 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -492,6 +492,7 @@ void UserLock::acquire()
         AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600);
         if (fd == -1)
             throw SysError(format("opening user lock `%1%'") % fnUserLock);
+        closeOnExec(fd);
 
         if (lockFile(fd, ltWrite, false)) {
             fdUserLock = fd.borrow();
@@ -1792,9 +1793,6 @@ void DerivationGoal::startBuilder()
             if (chdir(tmpDir.c_str()) == -1)
                 throw SysError(format("changing into `%1%'") % tmpDir);
 
-            /* Close all other file descriptors. */
-            closeMostFDs(set<int>());
-
 #ifdef CAN_DO_LINUX32_BUILDS
             if (drv.platform == "i686-linux" && thisSystem == "x86_64-linux") {
                 if (personality(0x0008 | 0x8000000 /* == PER_LINUX32_3GB */) == -1)
@@ -2026,6 +2024,7 @@ Path DerivationGoal::openLogFile()
         O_CREAT | O_WRONLY | O_TRUNC, 0666);
     if (fdLogFile == -1)
         throw SysError(format("creating log file `%1%'") % logFileName);
+    closeOnExec(fdLogFile);
 
     return logFileName;
 }
diff --git a/src/libstore/gc.cc b/src/libstore/gc.cc
index e1e7b4c1c5..e27c63de26 100644
--- a/src/libstore/gc.cc
+++ b/src/libstore/gc.cc
@@ -40,6 +40,7 @@ int LocalStore::openGCLock(LockType lockType)
     AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT, 0600);
     if (fdGCLock == -1)
         throw SysError(format("opening global GC lock `%1%'") % fnGCLock);
+    closeOnExec(fdGCLock);
 
     if (!lockFile(fdGCLock, lockType, false)) {
         printMsg(lvlError, format("waiting for the big garbage collector lock..."));
diff --git a/src/libstore/pathlocks.cc b/src/libstore/pathlocks.cc
index 645f4cd67e..b858ed238d 100644
--- a/src/libstore/pathlocks.cc
+++ b/src/libstore/pathlocks.cc
@@ -20,6 +20,8 @@ int openLockFile(const Path & path, bool create)
     if (fd == -1 && (create || errno != ENOENT))
         throw SysError(format("opening lock file `%1%'") % path);
 
+    closeOnExec(fd);
+
     return fd.borrow();
 }
 
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index 31322f9c48..842cf3ea47 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -8,6 +8,7 @@
 #include <cstring>
 
 #include <sys/wait.h>
+#include <unistd.h>
 #include <fcntl.h>
 #include <limits.h>
 
@@ -683,6 +684,8 @@ void Pipe::create()
     if (pipe(fds) != 0) throw SysError("creating pipe");
     readSide = fds[0];
     writeSide = fds[1];
+    closeOnExec(readSide);
+    closeOnExec(writeSide);
 }
 
 
@@ -934,6 +937,15 @@ void closeMostFDs(const set<int> & exceptions)
 }
 
 
+void closeOnExec(int fd)
+{
+    int prev;
+    if ((prev = fcntl(fd, F_GETFD, 0)) == -1 ||
+        fcntl(fd, F_SETFD, prev | FD_CLOEXEC) == -1)
+        throw SysError("setting close-on-exec flag");
+}
+
+
 void quickExit(int status)
 {
     _exit(status);
diff --git a/src/libutil/util.hh b/src/libutil/util.hh
index a1cf68e69d..ee0f3862a8 100644
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -258,6 +258,9 @@ string runProgram(Path program, bool searchPath = false,
    listed in the given set.  Good practice in child processes. */
 void closeMostFDs(const set<int> & exceptions);
 
+/* Set the close-on-exec flag for the given file descriptor. */
+void closeOnExec(int fd);
+
 /* Wrapper around _exit() on Unix and ExitProcess() on Windows.  (On
    Cygwin, _exit() doesn't seem to do the right thing.) */
 void quickExit(int status);