diff --git a/debuggerd/tombstone.cpp b/debuggerd/tombstone.cpp
index c9a237613..08e1101a4 100644
--- a/debuggerd/tombstone.cpp
+++ b/debuggerd/tombstone.cpp
@@ -687,7 +687,7 @@ static char* find_and_open_tombstone(int* fd) {
     if (errno != ENOENT)
       continue;
 
-    *fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
+    *fd = open(path, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, 0600);
     if (*fd < 0)
       continue;   // raced ?
 
@@ -697,7 +697,7 @@ static char* find_and_open_tombstone(int* fd) {
 
   // we didn't find an available file, so we clobber the oldest one
   snprintf(path, sizeof(path), TOMBSTONE_DIR"/tombstone_%02d", oldest);
-  *fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600);
+  *fd = open(path, O_CREAT | O_TRUNC | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, 0600);
   if (*fd < 0) {
     LOG("failed to open tombstone file '%s': %s\n", path, strerror(errno));
     return NULL;