Index: usr.bin/jot/jot.c
===================================================================
--- usr.bin/jot/jot.c
+++ usr.bin/jot/jot.c
@@ -47,14 +47,18 @@
  * Author:  John Kunze, Office of Comp. Affairs, UCB
  */
 
+#include <sys/capsicum.h>
 #include <ctype.h>
 #include <err.h>
+#include <errno.h>
 #include <limits.h>
+#include <nl_types.h>
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <stdbool.h>
 #include <string.h>
+#include <termios.h>
 #include <time.h>
 #include <unistd.h>
 
@@ -89,6 +93,7 @@
 int
 main(int argc, char **argv)
 {
+	cap_rights_t rights;
 	bool	have_format = false;
 	bool	infinity = false;
 	bool	nofinalnl = false;
@@ -104,6 +109,26 @@
 	double	x, y;
 	long	i;
 	long	reps = REPS_DEF;
+	unsigned long cmd;
+
+	fclose(stdin);
+
+	cmd = TIOCGETA;
+	cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL);
+	if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) ||
+	    (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) ||
+	    (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) ||
+	    (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS))
+		err(1, "unable to limit rights/ioctls for stdout/stderr");
+
+	/*
+	 * Cache NLS data, for strerror, for err(3), before entering capability
+	 * mode.
+	 */
+	(void)catopen("libc", NL_CAT_LOCALE);
+
+	if (cap_enter() < 0 && errno != ENOSYS)
+		err(1, "unable to enter capability mode");
 
 	while ((ch = getopt(argc, argv, "b:cnp:rs:w:")) != -1)
 		switch (ch) {