2 files changed, 33 insertions, 1 deletions

diff --git a/src/config.h b/src/config.h
index 551568c..ef49b4d 100644
--- a/src/config.h
+++ b/src/config.h
@@ -50,7 +50,15 @@
 #define ROOT_GROUP_GID  0
 #endif
 
-/* There two names above are redundant, but hat is to avoid errors. */
+
+/**
+ * The group ID for the nobody group
+ */
+#ifndef NOBODY_GROUP_GID
+#define NOBODY_GROUP_GID  ROOT_GROUP_GID
+#endif
+
+/* There three names above are redundant, but hat is to avoid errors. */
 
 
 /**
diff --git a/src/mds.c b/src/mds.c
index ff60043..639d0a3 100644
--- a/src/mds.c
+++ b/src/mds.c
@@ -28,6 +28,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <signal.h>
+#include <sys/socket.h>
 
 
 /**
@@ -50,6 +51,7 @@ static const char** argv;
  */
 int main(int argc_, const char** argv_)
 {
+  struct sockaddr_un address;
   char pathname[PATH_MAX];
   char piddata[64];
   unsigned int display;
@@ -178,11 +180,33 @@ int main(int argc_, const char** argv_)
 	   "%s=%u", DISPLAY_ENV, display);
   putenv(pathname);
   
+  /* Create display socket. */
+  snprintf(pathname, sizeof(pathname) / sizeof(char), "%s/%u.socket",
+	   MDS_RUNTIME_ROOT_DIRECTORY, display);
+  address.sun_family = AF_UNIX;
+  strcpy(address.sun_path, path);
+  unlink(pathname);
+  fd = socket(AF_UNIX, SOCK_STREAM, 0);
+  if ((fchmod(fd, S_IRWXU) < 0) ||
+      (fchown(fd, getuid(), NOBODY_GROUP_GID) < 0))
+    {
+      perror(*argv);
+      close(fd);
+      return 1;
+    }
+  if (bind(fd, (struct sockaddr*)(&address), sizeof(address)) < 0)
+    {
+      perror(*argv);
+      close(fd);
+      return 1;
+    }
+  
   /* Drop privileges. They most not be propagated non-authorised components. */
   /* setgid should not be set, but just to be safe we are restoring both user and group. */
   if ((seteuid(getuid()) < 0) || (setegid(getgid()) < 0))
     {
       perror(*argv);
+      close(fd);
       return 1;
     }