From dfd52321b7beba716fa2bdd4f54e57e9ac806e96 Mon Sep 17 00:00:00 2001
From: Faraz Vahedi <kfv@kfv.io>
Date: Sun, 13 Oct 2024 23:33:25 +0330
Subject: [PATCH] nl(1): Capsicumise the utility

Signed-off-by: Faraz Vahedi <kfv@kfv.io>
Reviewed by:    markj, oshogbo
MFC after:      1 week
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1465
---
 usr.bin/nl/nl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/usr.bin/nl/nl.c b/usr.bin/nl/nl.c
index a6a14239f58..573e03e4ad0 100644
--- a/usr.bin/nl/nl.c
+++ b/usr.bin/nl/nl.c
@@ -42,6 +42,8 @@
 #include <unistd.h>
 #include <wchar.h>
 
+#include <capsicum_helpers.h>
+
 typedef enum {
 	number_all,		/* number all lines */
 	number_nonempty,	/* number non-empty lines */
@@ -244,6 +246,11 @@ main(int argc, char *argv[])
 		/* NOTREACHED */
 	}
 
+	/* Limit standard descriptors and enter capability mode */
+	caph_cache_catpages();
+	if (caph_limit_stdio() < 0 || caph_enter() < 0)
+		err(EXIT_FAILURE, "capsicum");
+
 	/* Generate the delimiter sequence */
 	memcpy(delim, delim1, delim1len);
 	memcpy(delim + delim1len, delim2, delim2len);