spawn: New flag GPGRT_PROCESS_NO_EUID_CHECK

* src/gpg-error.h.in (GPGRT_PROCESS_NO_EUID_CHECK): New.
* src/spawn-posix.c (spawn_detached): Move check to ...
(_gpgrt_process_spawn): here and skip if flag is set.

1 files changed, 9 insertions, 7 deletions

diff --git a/src/spawn-posix.c b/src/spawn-posix.c
index 03ad37a..7de02a9 100644
--- a/src/spawn-posix.c
+++ b/src/spawn-posix.c
@@ -365,13 +365,6 @@ spawn_detached (const char *pgmname, const char *argv[],
   gpg_err_code_t ec;
   pid_t pid;
 
-  /* FIXME: Is this GnuPG specific or should we keep it.  */
-  if (getuid() != geteuid())
-    {
-      xfree (argv);
-      return GPG_ERR_BUG;
-    }
-
   if (access (pgmname, X_OK))
     {
       ec = _gpg_err_code_from_syserror ();
@@ -542,6 +535,15 @@ _gpgrt_process_spawn (const char *pgmname, const char *argv1[],
           return GPG_ERR_INV_ARG;
         }
 
+      if (!(flags & GPGRT_PROCESS_NO_EUID_CHECK))
+        {
+          if (getuid() != geteuid())
+            {
+              xfree (argv);
+              return GPG_ERR_FORBIDDEN;
+            }
+        }
+
       return spawn_detached (pgmname, argv, act);
     }