busybox

hush: do not leak script fds into NOEXEC children

We set all opened script fds to CLOEXEC, thus making then go away
after fork+exec.
Unfortunately, CLOFORK does not exist. NOEXEC children will still see those fds open.

For one, "ls" applet is NOEXEC. Therefore running "ls -l /proc/self/fd"
in a script from standalone shell shows this:

lrwx------    1 root     root            64 Aug 20 15:17 0 -> /dev/pts/3
lrwx------    1 root     root            64 Aug 20 15:17 1 -> /dev/pts/3
lrwx------    1 root     root            64 Aug 20 15:17 2 -> /dev/pts/3
lr-x------    1 root     root            64 Aug 20 15:17 3 -> /path/to/top/level/script
lr-x------    1 root     root            64 Aug 20 15:17 4 -> /path/to/sourced/SCRIPT1
...

with as many open fds as there are ". SCRIPTn" nest levels.
Fix it by closing these fds after fork (only for NOEXEC children).

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>