diff --git a/ChangeLog b/ChangeLog
index 7f68f47dc..b7c901428 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2002-01-03  Keith Packard  <keithp@keithp.com>
+
+        * builds/unix/ftsystem.c (FT_New_Stream): added a fix to ensure that
+        all FreeType input streams are closed in child processes of a "fork"
+        on Unix systems. This is important to avoid (potential) access
+        control issues..
+
+
 2002-01-03  David Turner  <david@freetype.org>
 
         * src/type1/t1objs.c (T1_Face_Init): fixed a bug that crashed the
diff --git a/builds/unix/ftsystem.c b/builds/unix/ftsystem.c
index d58c07c21..c492be19d 100644
--- a/builds/unix/ftsystem.c
+++ b/builds/unix/ftsystem.c
@@ -223,6 +223,19 @@
       return FT_Err_Cannot_Open_Resource;
     }
 
+    /* here, we ensure that a "fork" will _not_ duplicate  */
+    /* our opened input streams on Unix. This is critical  */
+    /* since it would avoid some (possible) access control */
+    /* issues and clean up the kernel file table a bit.    */
+    /*                                                     */
+#ifdef F_SETFD
+#  ifdef FD_CLOEXEC
+    ret = fcntl ( file, F_SETFD, FD_CLOEXEC);
+#  else
+    ret = fcntl ( file, F_SETFD, 1);
+#  endif /* FD_CLOEXEC */
+#endif /* F_SETFD */
+
     if ( fstat( file, &stat_buf ) < 0 )
     {
       FT_ERROR(( "FT_New_Stream:" ));