POSIX: CHECK() that file_util::ScopedFD fulfills promise.

base/file_util.h

Index: base/file_util.h
diff --git a/base/file_util.h b/base/file_util.h
index 4af6c97ad6257832f258f515de729f7f5efffc30..bd339980494e924d524f7a65619c70d3681ecbe9 100644
--- a/base/file_util.h
+++ b/base/file_util.h
@@ -416,8 +416,14 @@ typedef scoped_ptr<FILE, ScopedFILEClose> ScopedFILE;
 struct ScopedFDClose {
   inline void operator()(int* x) const {
     if (x && *x >= 0) {
-      if (IGNORE_EINTR(close(*x)) < 0)
-        DPLOG(ERROR) << "close";
+      // It's important to crash here.
+      // There are security implications to not closing a file descriptor
+      // properly. As file descriptors are "capabilities", keeping them open
+      // would make the current process keep access to a resource. Much of
+      // Chrome relies on being able to "drop" such access.
+      // It's especially problematic on Linux with the setuid sandbox, where
+      // a single open directory would bypass the entire security model.
+      PCHECK(0 == IGNORE_EINTR(close(*x)));
     }
   }
 };
@@ -427,6 +433,8 @@ struct ScopedFDClose {
 // need to store the FD separately and keep its memory alive). This should
 // probably be called |ScopedFDCloser| or something like that.
 typedef scoped_ptr<int, ScopedFDClose> ScopedFD;
+// Let new users use ScopedFDCloser already, while ScopedFD is replaced.
+typedef ScopedFD ScopedFDCloser;
 #endif  // OS_POSIX
 
 #if defined(OS_LINUX)