aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMattias Andrée <maandree@operamail.com>2014-04-20 22:39:07 +0200
committerMattias Andrée <maandree@operamail.com>2014-04-20 22:39:07 +0200
commit0b4a43f05de26c92158cfb9e3045d238691fc0be (patch)
tree52ca4273050c3ff1c541d202acce31c9f7a3678b
parentm (diff)
downloadmds-0b4a43f05de26c92158cfb9e3045d238691fc0be.tar.gz
mds-0b4a43f05de26c92158cfb9e3045d238691fc0be.tar.bz2
mds-0b4a43f05de26c92158cfb9e3045d238691fc0be.tar.xz
create and bind socket
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to '')
-rw-r--r--src/config.h10
-rw-r--r--src/mds.c24
2 files changed, 33 insertions, 1 deletions
diff --git a/src/config.h b/src/config.h
index 551568c..ef49b4d 100644
--- a/src/config.h
+++ b/src/config.h
@@ -50,7 +50,15 @@
#define ROOT_GROUP_GID 0
#endif
-/* There two names above are redundant, but hat is to avoid errors. */
+
+/**
+ * The group ID for the nobody group
+ */
+#ifndef NOBODY_GROUP_GID
+#define NOBODY_GROUP_GID ROOT_GROUP_GID
+#endif
+
+/* There three names above are redundant, but hat is to avoid errors. */
/**
diff --git a/src/mds.c b/src/mds.c
index ff60043..639d0a3 100644
--- a/src/mds.c
+++ b/src/mds.c
@@ -28,6 +28,7 @@
#include <string.h>
#include <stdlib.h>
#include <signal.h>
+#include <sys/socket.h>
/**
@@ -50,6 +51,7 @@ static const char** argv;
*/
int main(int argc_, const char** argv_)
{
+ struct sockaddr_un address;
char pathname[PATH_MAX];
char piddata[64];
unsigned int display;
@@ -178,11 +180,33 @@ int main(int argc_, const char** argv_)
"%s=%u", DISPLAY_ENV, display);
putenv(pathname);
+ /* Create display socket. */
+ snprintf(pathname, sizeof(pathname) / sizeof(char), "%s/%u.socket",
+ MDS_RUNTIME_ROOT_DIRECTORY, display);
+ address.sun_family = AF_UNIX;
+ strcpy(address.sun_path, path);
+ unlink(pathname);
+ fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if ((fchmod(fd, S_IRWXU) < 0) ||
+ (fchown(fd, getuid(), NOBODY_GROUP_GID) < 0))
+ {
+ perror(*argv);
+ close(fd);
+ return 1;
+ }
+ if (bind(fd, (struct sockaddr*)(&address), sizeof(address)) < 0)
+ {
+ perror(*argv);
+ close(fd);
+ return 1;
+ }
+
/* Drop privileges. They most not be propagated non-authorised components. */
/* setgid should not be set, but just to be safe we are restoring both user and group. */
if ((seteuid(getuid()) < 0) || (setegid(getgid()) < 0))
{
perror(*argv);
+ close(fd);
return 1;
}