What are we trying to solve here


Unintended use of code

If sshd pre-auth had a bug, we should not allow opening of new
sockets or other complicated code sequences!

sshd pre-auth is very carefully written to use only low-level calls

Anything surprising should cause instant process death

pledge() is a seatbelt