--- doc/posix-functions/stderr.texi | 3 ++- doc/posix-functions/stdin.texi | 3 ++- doc/posix-functions/stdout.texi | 3 ++- doc/xstdopen.texi | 7 +++++-- 4 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/doc/posix-functions/stderr.texi b/doc/posix-functions/stderr.texi index cf91cf2290..a5274fe54c 100644 --- a/doc/posix-functions/stderr.texi +++ b/doc/posix-functions/stderr.texi @@ -24,6 +24,7 @@ POSIX states that a setuid application can guarantee that fd 2 is open, but some systems guarantee this even for non-setuid programs. If an application is executed with fd 2 closed, use of @code{stderr} can affect an unrelated file that happened to be assigned to fd 2. -The gnulib *-safer modules may be used to guarantee that fd 2 stays +The gnulib @code{xstdopen} or the *-safer modules may be used to +guarantee that fd 2 stays reserved for @code{stderr}. @end itemize diff --git a/doc/posix-functions/stdin.texi b/doc/posix-functions/stdin.texi index cc28b141cd..3b7672a620 100644 --- a/doc/posix-functions/stdin.texi +++ b/doc/posix-functions/stdin.texi @@ -22,6 +22,7 @@ POSIX states that a setuid application can guarantee that fd 0 is open, but some systems guarantee this even for non-setuid programs. If an application is executed with fd 0 closed, use of @code{stdin} can affect an unrelated file that happened to be assigned to fd 0. -The gnulib *-safer modules may be used to guarantee that fd 0 stays +The gnulib @code{xstdopen} or the *-safer modules may be used to +guarantee that fd 0 stays reserved for @code{stdin}. @end itemize diff --git a/doc/posix-functions/stdout.texi b/doc/posix-functions/stdout.texi index 8e8c7f5c06..071bdc5fb7 100644 --- a/doc/posix-functions/stdout.texi +++ b/doc/posix-functions/stdout.texi 
@@ -24,6 +24,7 @@ POSIX states that a setuid application can guarantee that fd 1 is open, but some systems guarantee this even for non-setuid programs. If an application is executed with fd 1 closed, use of @code{stdout} can affect an unrelated file that happened to be assigned to fd 1. -The gnulib *-safer modules may be used to guarantee that fd 1 stays +The gnulib @code{xstdopen} or the *-safer modules may be used to +guarantee that fd 1 stays reserved for @code{stdout}. @end itemize diff --git a/doc/xstdopen.texi b/doc/xstdopen.texi index 8a7c60a693..d125f662b4 100644 --- a/doc/xstdopen.texi +++ b/doc/xstdopen.texi @@ -143,9 +143,12 @@ The @code{*-safer} modules: @code{stdlib-safer}. @end itemize -The approach with the @code{xstdopen} module is simpler, but it adds three +The approach with the @code{xstdopen} module is simple, but it adds three system calls to program startup. Whereas the approach with the @code{*-safer} -modules is more complex, but adds no overhead (no additional system calls) +modules is more complicated and error-prone, +and does not fix the problem if system library functions call one +of the affected functions, +but adds no overhead (no additional system calls) in the normal case. To use the approach with the @code{xstdopen} module: -- 2.43.0
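Review bot: In the stderr.texi, stdin.texi and stdout.texi hunks, the added line "The gnulib @code{xstdopen} or the *-safer modules may be used to" marks up xstdopen with @code but leaves *-safer bare, while doc/xstdopen.texi in this same patch writes @code{*-safer}. Suggest "The gnulib @code{xstdopen} module or the @code{*-safer} modules may be used to" in all three files, so that the markup is consistent and "xstdopen" reads as a module name. Since these pages now recommend two alternatives without saying how they differ, a cross-reference to the xstdopen documentation would let the reader find the trade-offs described there.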
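Review bot: In the doc/xstdopen.texi hunk, the rewritten sentence that begins "Whereas the approach with the @code{*-safer} modules" now strings together "more complicated and error-prone, and does not fix the problem if ..., but adds no overhead", and it is still a subordinate clause standing alone as a sentence. The new caveat about system library functions is the limitation a reader choosing between the two approaches most needs to see, so suggest giving it its own sentence, for example ending the comparison at "adds no overhead (no additional system calls) in the normal case." and following with a separate sentence stating that the @code{*-safer} approach does not help when system library functions call one of the affected functions. "The affected functions" is also not defined in the visible context. Please name them or point to the itemized list above. Minor: "simpler" became "simple" while the other half stays comparative ("more complicated"), so the two halves of the comparison no longer match.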