diff --git a/slock.c b/slock.c
index c9cdee2..d8b9913 100644
--- a/slock.c
+++ b/slock.c
@@ -23,6 +23,10 @@
 #include <bsd_auth.h>
 #endif
 
+#ifndef __OpenBSD__
+int pledge(const char *promises, const char *paths[]) { return 0; }
+#endif
+
 enum {
 	INIT,
 	INPUT,
@@ -280,6 +284,14 @@ usage(void)
 	exit(1);
 }
 
+void
+xpledge(const char *promises, const char *paths[])
+{
+	if (pledge(promises, paths) < 0) {
+		die("slock: pledge: %s (%s)\n", strerror(errno), promises);
+	}
+}
+
 int
 main(int argc, char **argv) {
 #ifndef HAVE_BSD_AUTH
@@ -299,6 +311,8 @@ main(int argc, char **argv) {
 	dontkillme();
 #endif
 
+	xpledge("stdio dns unix rpath prot_exec getpw proc exec", NULL);
+
 	if (!getpwuid(getuid()))
 		die("no passwd entry for you\n");
 
@@ -334,6 +348,8 @@ main(int argc, char **argv) {
 		die("execvp %s failed: %s\n", argv[1], strerror(errno));
 	}
 
+	xpledge("stdio rpath getpw proc exec", NULL);
+
 	/* Everything is now blank. Now wait for the correct password. */
 #ifdef HAVE_BSD_AUTH
 	readpw(dpy);