spawn: New flag GPGRT_PROCESS_NO_EUID_CHECK

* src/gpg-error.h.in (GPGRT_PROCESS_NO_EUID_CHECK): New.
* src/spawn-posix.c (spawn_detached): Move check to ...
(_gpgrt_process_spawn): here and skip if flag is set.

2 files changed, 13 insertions, 8 deletions

diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in
index be44afb..5b1b9d2 100644
--- a/src/gpg-error.h.in
+++ b/src/gpg-error.h.in
@@ -1,5 +1,5 @@
 /* gpg-error.h or gpgrt.h - Common code for GnuPG and others.    -*- c -*-
- * Copyright (C) 2001-2023 g10 Code GmbH
+ * Copyright (C) 2001-2024 g10 Code GmbH
  *
  * This file is part of libgpg-error (aka libgpgrt).
  *
@@ -1095,6 +1095,9 @@ void _gpgrt_log_assert (const char *expr, const char *file, int line,
 /* Child process has no console (Windows only).  */
 #define GPGRT_PROCESS_NO_CONSOLE          (1 << 2)
 
+/* Allow a detached process with uid != euid (Posix only).  */
+#define GPGRT_PROCESS_NO_EUID_CHECK       (1 << 3)
+
 /* Specify how to keep/connect standard fds.  */
 #define GPGRT_PROCESS_STDIN_PIPE          (1 << 8)
 #define GPGRT_PROCESS_STDOUT_PIPE         (1 << 9)
diff --git a/src/spawn-posix.c b/src/spawn-posix.c
index 03ad37a..7de02a9 100644
--- a/src/spawn-posix.c
+++ b/src/spawn-posix.c
@@ -365,13 +365,6 @@ spawn_detached (const char *pgmname, const char *argv[],
   gpg_err_code_t ec;
   pid_t pid;
 
-  /* FIXME: Is this GnuPG specific or should we keep it.  */
-  if (getuid() != geteuid())
-    {
-      xfree (argv);
-      return GPG_ERR_BUG;
-    }
-
   if (access (pgmname, X_OK))
     {
       ec = _gpg_err_code_from_syserror ();
@@ -542,6 +535,15 @@ _gpgrt_process_spawn (const char *pgmname, const char *argv1[],
           return GPG_ERR_INV_ARG;
         }
 
+      if (!(flags & GPGRT_PROCESS_NO_EUID_CHECK))
+        {
+          if (getuid() != geteuid())
+            {
+              xfree (argv);
+              return GPG_ERR_FORBIDDEN;
+            }
+        }
+
       return spawn_detached (pgmname, argv, act);
     }