I reported an issue in 2006 for the Linux kernel with passing file descriptors over unix domain sockets (UDS):

[...] a file descriptor, once put into a UNIX domain socket would not be considered by the kernel when the according resource was being closed. If the handle was taken "out of the UDS" after the resource already has been closed than the handle appeared to represent a resource that was no longer valid.

Well, after three years I decided to check, whether this issue is still present in a current kernel (Ubuntu Karmic). It is not. The kernel now handles this scenario correctly: if the only reference to the descriptor is within the UDS (ie: sendmsg(fd), close(fd) but noone called recvmsg(fd) just yet) then the handle is still being accounted for. Thus, after the descriptor is retrieved from the UDS it points to a valid resource (like a still open TCP connection).