Index: usr.bin/elf2aout/elf2aout.c
===================================================================
--- usr.bin/elf2aout/elf2aout.c
+++ usr.bin/elf2aout/elf2aout.c
@@ -27,6 +27,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/capsicum.h>
 #include <sys/types.h>
 #include <sys/elf64.h>
 #include <sys/endian.h>
@@ -34,6 +35,7 @@
 #include <sys/stat.h>
 
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -84,6 +86,7 @@
 	int fd;
 	int c;
 	int i;
+	cap_rights_t rights;
 
 	fd = STDIN_FILENO;
 	while ((c = getopt(ac, av, "o:")) != -1)
@@ -91,6 +94,9 @@
 		case 'o':
 			if ((fd = open(optarg, O_CREAT|O_RDWR, 0644)) < 0)
 				err(1, "%s", optarg);
+			cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
+			if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
+				err(1, "unable to limit rights for %s", optarg);
 			break;
 		case '?':
 		default:
@@ -103,6 +109,13 @@
 
 	if ((efd = open(*av, O_RDONLY)) < 0 || fstat(efd, &sb) < 0)
 		err(1, NULL);
+	cap_rights_init(&rights, CAP_MMAP_R);
+	if (cap_rights_limit(efd, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for %s", *av);
+
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
+
 	v = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, efd, 0);
 	if ((e = v) == MAP_FAILED)
 		err(1, NULL);
Index: usr.bin/elfdump/elfdump.c
===================================================================
--- usr.bin/elfdump/elfdump.c
+++ usr.bin/elfdump/elfdump.c
@@ -28,6 +28,7 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include <sys/capsicum.h>
 #include <sys/types.h>
 #include <sys/elf32.h>
 #include <sys/elf64.h>
@@ -35,6 +36,7 @@
 #include <sys/mman.h>
 #include <sys/stat.h>
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <inttypes.h>
 #include <stddef.h>
@@ -467,6 +469,7 @@
 int
 main(int ac, char **av)
 {
+	cap_rights_t rights;
 	u_int64_t phoff;
 	u_int64_t shoff;
 	u_int64_t phentsize;
@@ -527,6 +530,9 @@
 		case 'w':
 			if ((out = fopen(optarg, "w")) == NULL)
 				err(1, "%s", optarg);
+			cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
+			if (cap_rights_limit(fileno(out), &rights) < 0 && errno != ENOSYS)
+				err(1, "unable to limit rights for %s", optarg);
 			break;
 		case '?':
 		default:
@@ -539,6 +545,16 @@
 	if ((fd = open(*av, O_RDONLY)) < 0 ||
 	    fstat(fd, &sb) < 0)
 		err(1, "%s", *av);
+	cap_rights_init(&rights, CAP_MMAP_R);
+	if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for %s", *av);
+	cap_rights_init(&rights, CAP_WRITE);
+	if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for stdout");
+	if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for stderr");
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
 	e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
 	if (e == MAP_FAILED)
 		err(1, NULL);