Adds Capsicum to uuencode(1).
style(9) asks for variable declarations to be placed at least at the top of scope, if not at the top of the function.
Is this really all that is needed on output, or do we also need the usual stream rights? I'd suggest using caph_limit_stream(fileno(output), CAP_WRITE).
style(9) nit: excess spaces between parens
Use fileno(3) to access output's fd; do not access FILE members directly.
style(9) nit: Do not use non-boolean values directly in conditionals (i.e., compare cap_rights_limit(...) to zero).
This could be replaced with caph_enter() :-).
Are we sure this program does not need to cache catpages before entering the sandbox? (I.e., it does not attempt to access any localization after this point, if lang is not en_US?)
I ran the modified uuencode through ktrace(1) and found no reference to anything like localization after caph_enter(). The only system calls observed wrt file descriptors were the read and write calls for the input and output files.