commit - 00cd0e0a8a2ba7ae142de73402055b7e9780bcb5
commit + ffb5f621a9d5d1330a020a5da4a75e98c0cf62f0
blob - 30b7714cb828855e15681378e3f209eeba3aadec
blob + a0450849b64f0b0c3fa6df5601789184086443cc
--- libexec/got-fetch-pack/got-fetch-pack.c
+++ libexec/got-fetch-pack/got-fetch-pack.c
@@ -604,6 +604,14 @@ main(int argc, char **argv)
 	}
 
 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
+#ifndef PROFILE
+	/* revoke access to most system calls */
+	if (pledge("stdio recvfd", NULL) == -1) {
+		err = got_error_from_errno("pledge");
+		got_privsep_send_error(&ibuf, err);
+		return 1;
+	}
+#endif
 	if ((err = got_privsep_recv_imsg(&imsg, &ibuf, 0)) != 0) {
 		if (err->code == GOT_ERR_PRIVSEP_PIPE)
 			err = NULL;