pledge
allows you to limit a program's access to system calls very easily: the
program promises, in a single call, which classes of operations it will still
need ("stdio", "rpath", "inet", ...) and the kernel denies everything else.
This is a huge improvement in security: why should cut(1) ever need to open a
socket? Just deny it the ability to do so. If the binary is later compromised,
any attempt at a call outside its promises kills the process with SIGABRT,
so its chances to misbehave are greatly reduced.
#include <err.h>
#include <unistd.h>

int
main(int argc, char *argv[])
{
	[...]
	/* Promise only what the rest of the program needs: stdio plus
	 * read-only filesystem access. The second argument is NULL: it was
	 * an unused paths argument in the first releases and is the
	 * execpromises argument today, where NULL means "leave unchanged". */
	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");
	[...]
}
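The usual pattern is to pledge early and then tighten further once the program no longer needs a capability. The following cut(1)-style field extractor is an added example, not code from the page or from the OpenBSD project: it pledges "stdio rpath" before opening its input files and drops to "stdio" once every file is open, so that by the time untrusted input is parsed even fopen() is off the table. It assumes a ':' delimiter and, on non-OpenBSD systems, a portability shim (an assumption, marked in the code) that turns pledge into a no-op so the program still builds and runs there.

```c
#include <err.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption for non-OpenBSD builds: a shim so the program compiles and
 * runs without sandboxing. On OpenBSD the real pledge(2) is used. */
static int
pledge(const char *promises, const char *execpromises)
{
	(void)promises;
	(void)execpromises;
	return 0;
}
#endif

#define DELIM ':'	/* delimiter assumed for this example */

/* Return field `field` (1-based) of `line`, split on `delim`, with cut(1)
 * semantics: a line without any delimiter is returned whole, a field past
 * the end is the empty string. Modifies `line` in place. */
char *
field_of(char *line, int delim, int field)
{
	char *tok = line, *next;
	int i;

	if (strchr(line, delim) == NULL)
		return line;
	for (i = 1; i < field; i++) {
		if ((next = strchr(tok, delim)) == NULL)
			return tok + strlen(tok);	/* past last field: "" */
		tok = next + 1;
	}
	if ((next = strchr(tok, delim)) != NULL)
		*next = '\0';
	return tok;
}

/* Print the chosen field of every line in `in`; returns lines processed. */
long
cut_stream(FILE *in, FILE *out, int field)
{
	char *line = NULL;
	size_t cap = 0;
	ssize_t len;
	long n = 0;

	while ((len = getline(&line, &cap, in)) != -1) {
		if (len > 0 && line[len - 1] == '\n')
			line[len - 1] = '\0';
		fprintf(out, "%s\n", field_of(line, DELIM, field));
		n++;
	}
	free(line);
	return n;
}

int
main(int argc, char *argv[])
{
	FILE **files;
	int field, i;

	if (argc < 3 || (field = atoi(argv[1])) < 1)
		errx(1, "usage: %s field file ...", argv[0]);

	/* Stage 1: files still have to be opened, so keep rpath. */
	if (pledge("stdio rpath", NULL) == -1)
		err(1, "pledge");

	if ((files = calloc(argc - 2, sizeof(*files))) == NULL)
		err(1, "calloc");
	for (i = 2; i < argc; i++)
		if ((files[i - 2] = fopen(argv[i], "r")) == NULL)
			err(1, "%s", argv[i]);

	/* Stage 2: every input is open; only stdio is needed from here on.
	 * On OpenBSD a later fopen() or socket() would abort the process. */
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");

	for (i = 0; i < argc - 2; i++) {
		cut_stream(files[i], stdout, field);
		fclose(files[i]);
	}
	free(files);
	return 0;
}
```

Dropping from "stdio rpath" to "stdio" is cheap and is exactly the kind of tightening the base system's pledge conversions apply: each promise string is the minimum the remaining code path needs, and a violation is a crash rather than a silent failure.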
Within only two releases, the OpenBSD developers managed to add pledge calls
to most of the binaries in the base system.
Details: