Index: sys/amd64/cloudabi64/cloudabi64_sysvec.c
===================================================================
--- sys/amd64/cloudabi64/cloudabi64_sysvec.c
+++ sys/amd64/cloudabi64/cloudabi64_sysvec.c
@@ -224,7 +224,7 @@
 	.sv_usrstack		= USRSTACK,
 	.sv_stackprot		= VM_PROT_READ | VM_PROT_WRITE,
 	.sv_copyout_strings	= cloudabi64_copyout_strings,
-	.sv_flags		= SV_ABI_CLOUDABI | SV_CAPSICUM,
+	.sv_flags		= SV_ABI_CLOUDABI | SV_CAPSICUM | SV_NOSIGNALS,
 	.sv_set_syscall_retval	= cloudabi64_set_syscall_retval,
 	.sv_fetch_syscall_args	= cloudabi64_fetch_syscall_args,
 	.sv_syscallnames	= cloudabi64_syscallnames,
Index: sys/kern/kern_exec.c
===================================================================
--- sys/kern/kern_exec.c
+++ sys/kern/kern_exec.c
@@ -634,7 +634,7 @@
 	stopprofclock(p);
 
 	/* reset caught signals */
-	execsigs(p);
+	execsigs(p, SV_PROC_FLAG(p, SV_NOSIGNALS));
 
 	/* name this process - nameiexec(p, ndp) */
 	bzero(p->p_comm, sizeof(p->p_comm));
Index: sys/kern/kern_sig.c
===================================================================
--- sys/kern/kern_sig.c
+++ sys/kern/kern_sig.c
@@ -950,8 +950,9 @@
  * Reset signals for an exec of the specified process.
  */
 void
-execsigs(struct proc *p)
+execsigs(struct proc *p, bool nosignals)
 {
+	sigset_t osigignore;
 	struct sigacts *ps;
 	int sig;
 	struct thread *td;
@@ -971,6 +972,24 @@
 		if ((sigprop(sig) & SA_IGNORE) != 0)
 			sigqueue_delete_proc(p, sig);
 	}
+
+	/*
+	 * As CloudABI processes cannot modify signal handlers, fully
+	 * reset all signals to their default behavior. Do ignore
+	 * SIGPIPE, as it would otherwise be impossible to recover from
+	 * writes to broken pipes and sockets.
+	 */
+	if (nosignals) {
+		osigignore = ps->ps_sigignore;
+		while (SIGNOTEMPTY(osigignore)) {
+			sig = sig_ffs(&osigignore);
+			SIGDELSET(osigignore, sig);
+			if (sig != SIGPIPE)
+				sigdflt(ps, sig);
+		}
+		SIGADDSET(ps->ps_sigignore, SIGPIPE);
+	}
+
 	/*
 	 * Reset stack state to the user stack.
 	 * Clear set of signals caught on the signal stack.
Index: sys/sys/signalvar.h
===================================================================
--- sys/sys/signalvar.h
+++ sys/sys/signalvar.h
@@ -326,7 +326,7 @@
 int	cursig(struct thread *td);
 int	sigdeferstop(void);
 int	sigallowstop(void);
-void	execsigs(struct proc *p);
+void	execsigs(struct proc *p, bool nosignals);
 void	gsignal(int pgid, int sig, ksiginfo_t *ksi);
 void	killproc(struct proc *p, char *why);
 ksiginfo_t * ksiginfo_alloc(int wait);
Index: sys/sys/sysent.h
===================================================================
--- sys/sys/sysent.h
+++ sys/sys/sysent.h
@@ -145,6 +145,7 @@
 #define	SV_AOUT		0x008000	/* a.out executable. */
 #define	SV_SHP		0x010000	/* Shared page. */
 #define	SV_CAPSICUM	0x020000	/* Force cap_enter() on startup. */
+#define	SV_NOSIGNALS	0x040000	/* No signal handling available. */
 
 #define	SV_ABI_MASK	0xff
 #define	SV_PROC_FLAG(p, x)	((p)->p_sysent->sv_flags & (x))