aboutsummaryrefslogtreecommitdiffstats
path: root/src/main.rs
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/main.rs23
1 files changed, 23 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 638a9a0..ab5a1d4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -16,14 +16,19 @@ use std::process::exit;
use dotenv;
use postgres::{Client, NoTls};
use dumb_cgi::{Request, EmptyResponse, Query};
+use pledge::pledge_promises;
use rand::{thread_rng, Rng, distributions::Alphanumeric};
use regex::Regex;
+use unveil::unveil;
use url::Url;
// Do the dirty
fn main() {
+ // Let's drop some privileges before we do anything else
+ drop_privs();
+
// Get variables from dotenv, or use defaults
let dburl:&str = &dotenv::var("DATABASE_URL").unwrap_or("postgresql://localhost/purl-rs".to_string());
let create_uri:&str = &dotenv::var("CREATE_URI").unwrap_or("/create".to_string());
@@ -267,4 +272,22 @@ fn check_short(short:&str) -> bool {
}
+//
+// Drop privileges
+//
+fn drop_privs() {
+ // Restrict what files we can access. See unveil(2)
+ unveil(".env", "r")
+ .or_else(unveil::Error::ignore_platform)
+ .unwrap();
+ unveil("", "")
+ .or_else(unveil::Error::ignore_platform)
+ .unwrap();
+
+ // Restrict what system calls we can access. See pledge(2)
+ pledge_promises![Stdio Rpath Inet Dns]
+ .or_else(pledge::Error::ignore_platform)
+ .unwrap();
+}
+
// end of file