Index: src/ngircd/proc.c
--- src/ngircd/proc.c.orig
+++ src/ngircd/proc.c
@@ -24,6 +24,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <time.h>
+#include <err.h>
 
 #include "log.h"
 #include "io.h"
@@ -76,6 +77,9 @@ Proc_Fork(PROC_STAT *proc, int *pipefds, void (*cbfunc
 		return -1;
 	case 0:
 		/* New child process: */
+		/* XXX no PAM, fork only for DNS and IDENT */
+		if (pledge("stdio dns inet", NULL) == -1)
+			err(1, "pledge");
 #ifdef HAVE_ARC4RANDOM_STIR
 		arc4random_stir();
 #endif