Diffstat (limited to 'src/main.rs')
-rw-r--r-- | src/main.rs | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 638a9a0..ab5a1d4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -16,14 +16,19 @@ use std::process::exit;
 use dotenv;
 use postgres::{Client, NoTls};
 use dumb_cgi::{Request, EmptyResponse, Query};
+use pledge::pledge_promises;
 use rand::{thread_rng, Rng, distributions::Alphanumeric};
 use regex::Regex;
+use unveil::unveil;
 use url::Url;
 // Do the dirty
 fn main() {
+    // Let's drop some privileges before we do anything else
+    drop_privs();
+
     // Get variables from dotenv, or use defaults
     let dburl:&str = &dotenv::var("DATABASE_URL").unwrap_or("postgresql://localhost/purl-rs".to_string());
     let create_uri:&str = &dotenv::var("CREATE_URI").unwrap_or("/create".to_string());
@@ -267,4 +272,22 @@ fn check_short(short:&str) -> bool {
 }
+//
+// Drop privileges
+//
+fn drop_privs() {
+    // Restrict what files we can access. See unveil(2)
+    unveil(".env", "r")
+        .or_else(unveil::Error::ignore_platform)
+        .unwrap();
+    unveil("", "")
+        .or_else(unveil::Error::ignore_platform)
+        .unwrap();
+
+    // Restrict what system calls we can access. See pledge(2)
+    pledge_promises![Stdio Rpath Inet Dns]
+        .or_else(pledge::Error::ignore_platform)
+        .unwrap();
+}
+
 // end of file
|
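Review bot: `unveil(".env", "r")` is a relative path, so the `dotenv::var(...)` reads that follow `drop_privs()` in main only succeed when the CGI process's working directory is the one holding `.env`; under any other cwd the read is denied and every `unwrap_or(...)` default silently takes over, including `postgresql://localhost/purl-rs`. That fails closed, but it turns a deployment mistake into a hard-to-diagnose wrong database, so consider resolving the path explicitly or logging to stderr when `.env` could not be read. It is also worth confirming on an actual OpenBSD host that name resolution and the Postgres connection still work under `Stdio Rpath Inet Dns` once `unveil("", "")` has locked the view, and a `DATABASE_URL` pointing at a Unix socket would presumably need the `Unix` promise as well. main's body continues past the hunk.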
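Review bot: The three `.unwrap()` calls in `drop_privs` abort on a genuine unveil/pledge failure with only the error's Debug output, which in a CGI process surfaces as a bare 500 with little in the server log to say which step failed; `.expect("unveil(.env) failed")`, `.expect("unveil lock failed")` and `.expect("pledge failed")` would name the step without changing the fail-closed behaviour. The `// Drop privileges` header could also record why each promise is needed, e.g. `// Stdio: CGI request/response; Rpath: reading .env; Inet+Dns: the Postgres TCP connection`, so whoever adds a feature knows which promise to extend rather than loosening the whole set. Stating in that comment that `ignore_platform` makes the function a no-op off OpenBSD would save the next reader a trip to the crate docs.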