diff --git a/usr.bin/wall/ttymsg.c b/usr.bin/wall/ttymsg.c
--- a/usr.bin/wall/ttymsg.c
+++ b/usr.bin/wall/ttymsg.c
@@ -33,7 +33,9 @@
 #include
 #include
+#include
 #include
+#include
 #include
 #include
 #include
@@ -52,6 +54,7 @@
 * error; string is not newline-terminated. Various "normal" errors are
 * ignored (exclusive-use, lack of permission, etc.).
 */
+int fdp;
 const char *
 ttymsg(struct iovec *iov, int iovcnt, const char *line, int tmout)
 {
@@ -62,6 +65,7 @@
 static char errbuf[1024];
 char *p;
 int forked;
+ cap_rights_t rights;
 forked = 0;
 if (iovcnt > (int)(sizeof(localiov) / sizeof(localiov[0])))
@@ -90,6 +94,10 @@
 return (errbuf);
 }
+ cap_rights_init(&rights, CAP_WRITE);
+ if (caph_rights_limit(fd, &rights) == -1)
+ err(1, "unable to limit capability rights");
+
 for (cnt = 0, left = 0; cnt < iovcnt; ++cnt)
 left += iov[cnt].iov_len;
@@ -122,7 +130,7 @@
 (void) close(fd);
 _exit(1);
 }
- cpid = fork();
+ cpid = pdfork(&pfd,0);;
 if (cpid < 0) {
 (void) snprintf(errbuf, sizeof(errbuf),
 "fork: %s", strerror(errno));
diff --git a/usr.bin/wall/wall.c b/usr.bin/wall/wall.c
--- a/usr.bin/wall/wall.c
+++ b/usr.bin/wall/wall.c
@@ -38,6 +38,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -95,6 +96,13 @@
 (void)setlocale(LC_CTYPE, "");
+ /*
+ * Cache NLS data, for strerror, for err(3), before entering capability
+ * mode.
+ */
+ caph_cache_catpages();
+
+
 while ((ch = getopt(argc, argv, "g:n")) != -1)
 switch (ch) {
 case 'n':
@@ -161,6 +169,10 @@
 if ((p = ttymsg(&iov, 1, utmp->ut_line, 60*5)) != NULL)
 warnx("%s", p);
 }
+
+ if (caph_enter() < 0)
+ err(1, "unable to enter capability mode");
+
 exit(0);
 }
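Review bot: The file-scope `int fdp;` added above ttymsg() in ttymsg.c is not used by any visible hunk, while the later `pdfork(&pfd,0)` hunk passes `&pfd`, for which no declaration is visible, so as shown the name mismatch likely breaks the build. A process descriptor belongs to one call, so it should be a local, `int pfd;`, declared next to `cap_rights_t rights;` inside ttymsg(). A non-static global would be exported from every program that links this file and shared across calls. ttymsg()'s body continues outside these hunks.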
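Review bot: The added `err(1, "unable to limit capability rights")` after `caph_rights_limit()` makes ttymsg() terminate the whole process, whereas the header comment and the neighbouring `return (errbuf);` show that it reports failures through its return value. wall's loop only `warnx()`es the returned string and moves on to the next terminal, so one tty where the limit fails would now abort delivery to all remaining users. The failure should be formatted into `errbuf`, `fd` closed, and the buffer returned, as in the fence below. Only `CAP_WRITE` is kept, so if the rest of the function (outside this hunk) does anything else on `fd`, such as an fcntl to change O_NONBLOCK, the matching right has to be added here or that call will fail.

```c
	cap_rights_init(&rights, CAP_WRITE);
	if (caph_rights_limit(fd, &rights) == -1) {
		/* Report through the return value like the other failure paths. */
		(void) snprintf(errbuf, sizeof(errbuf),
		    "%s: cap_rights_limit: %s", line, strerror(errno));
		(void) close(fd);
		return (errbuf);
	}
	/* … unchanged: iov length accounting loop … */
```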
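Review bot: `cpid = pdfork(&pfd,0);;` creates the child with the default terminate-on-close behaviour, so it is killed once the last reference to the process descriptor is gone, which includes the parent exiting. If, as the `tmout` parameter suggests, the child is meant to keep retrying a blocked terminal after the caller has moved on, the delayed message would be silently lost. No `close(pfd)` is visible on the parent path either, so a descriptor would leak per forked child. Either keep `fork()` here, or use `cpid = pdfork(&pfd, PD_DAEMON | PD_CLOEXEC);` and close `pfd` in the parent. In either case drop the stray second `;`, and if pdfork stays, change the message to `"pdfork: %s"` so the log names the call that failed.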
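Review bot: `caph_enter()` in wall.c is placed after the utmp loop and immediately before `exit(0)`, so every ttymsg() call, tty open and write has already run unsandboxed and capability mode confines nothing. For the same reason the `caph_cache_catpages()` call added in the earlier wall.c hunk has no effect yet, since no `err()` runs inside the sandbox. To gain confinement, the call has to move ahead of the loop, after option parsing and message construction. That in turn presumably requires pre-opening what the loop needs, for example a directory descriptor for the tty device directory that ttymsg() opens relative to, because path-based opens fail once in capability mode. If that restructuring is out of scope for this change, it would be clearer to drop the `caph_enter()` block than to leave a sandbox call that suggests protection the program does not have.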