Index: usr.bin/elf2aout/elf2aout.c
===================================================================
--- usr.bin/elf2aout/elf2aout.c
+++ usr.bin/elf2aout/elf2aout.c
@@ -28,12 +28,14 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/types.h>
+#include <sys/capsicum.h>
 #include <sys/elf64.h>
 #include <sys/endian.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
 
 #include <err.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -65,6 +67,7 @@
 int
 main(int ac, char **av)
 {
+	cap_rights_t rights;
 	Elf64_Half phentsize;
 	Elf64_Half machine;
 	Elf64_Half phnum;
@@ -91,6 +94,9 @@
 		case 'o':
 			if ((fd = open(optarg, O_CREAT|O_RDWR, 0644)) < 0)
 				err(1, "%s", optarg);
+			cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
+			if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
+				err(1, "unable to limit rights for %s", optarg);
 			break;
 		case '?':
 		default:
@@ -103,6 +109,17 @@
 
 	if ((efd = open(*av, O_RDONLY)) < 0 || fstat(efd, &sb) < 0)
 		err(1, NULL);
+	cap_rights_init(&rights, CAP_MMAP_R);
+	if (cap_rights_limit(efd, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for %s", *av);
+	fclose(stdin);
+	cap_rights_init(&rights, CAP_WRITE);
+	if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for stdout");
+	if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS)
+		err(1, "unable to limit rights for stderr");
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
 	v = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, efd, 0);
 	if ((e = v) == MAP_FAILED)
 		err(1, NULL);