doas doesn't need any other open files and should probably shut them all.
Index: doas.c
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.41
diff -u -p -r1.41 doas.c
--- doas.c 3 Sep 2015 20:05:58 -0000 1.41
+++ doas.c 17 Sep 2015 16:09:52 -0000
@@ -323,6 +323,8 @@ main(int argc, char **argv, char **envp)
char cwdpath[PATH_MAX];
const char *cwd;
+ closefrom(3);
+
uid = getuid();
while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
