Index: src/xzdec/xzdec.c
--- src/xzdec/xzdec.c.orig
+++ src/xzdec/xzdec.c
@@ -295,9 +295,17 @@ main(int argc, char **argv)
 
 	if (optind == argc) {
 		// No filenames given, decode from stdin.
+		if (pledge("stdio", NULL) == -1) {
+			my_errorf("pledge");
+			exit(EXIT_FAILURE);
+		}
 		uncompress(&strm, stdin, "(stdin)");
 	} else {
 		// Loop through the filenames given on the command line.
+		if (pledge("stdio rpath", NULL) == -1) {
+			my_errorf("pledge");
+			exit(EXIT_FAILURE);
+		}
 		do {
 			// "-" indicates stdin.
 			if (strcmp(argv[optind], "-") == 0) {
