A process does not close sensitive file descriptors before
					invoking a child process, which allows the child to perform unauthorized I/O
					operations using those descriptors.