From bdd1060445fa358d3ca3f1f98334de60cd5d6c10 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 19 Jun 2024 09:34:40 +0200 Subject: spawn: New flag GPGRT_PROCESS_NO_EUID_CHECK * src/gpg-error.h.in (GPGRT_PROCESS_NO_EUID_CHECK): New. * src/spawn-posix.c (spawn_detached): Move check to ... (_gpgrt_process_spawn): here and skip if flag is set.
---
src/gpg-error.h.in | 5 ++++- src/spawn-posix.c | 16 +++++++++------- 2 files changed, 13 insertions(+), 8 deletions(-) (limited to 'src')
diff --git a/src/gpg-error.h.in b/src/gpg-error.h.in
index be44afb..5b1b9d2 100644
--- a/src/gpg-error.h.in
+++ b/src/gpg-error.h.in
@@ -1,5 +1,5 @@
/* gpg-error.h or gpgrt.h - Common code for GnuPG and others. -*- c -*-
- * Copyright (C) 2001-2023 g10 Code GmbH
+ * Copyright (C) 2001-2024 g10 Code GmbH
*
* This file is part of libgpg-error (aka libgpgrt).
*
@@ -1095,6 +1095,9 @@ void _gpgrt_log_assert (const char *expr, const char *file, int line,
/* Child process has no console (Windows only). */
#define GPGRT_PROCESS_NO_CONSOLE (1 << 2)
+/* Allow a detached process with uid != euid (Posix only). */
+#define GPGRT_PROCESS_NO_EUID_CHECK (1 << 3)
+
/* Specify how to keep/connect standard fds. */
#define GPGRT_PROCESS_STDIN_PIPE (1 << 8)
#define GPGRT_PROCESS_STDOUT_PIPE (1 << 9)
diff --git a/src/spawn-posix.c b/src/spawn-posix.c
index 03ad37a..7de02a9 100644
--- a/src/spawn-posix.c
+++ b/src/spawn-posix.c
@@ -365,13 +365,6 @@ spawn_detached (const char *pgmname, const char *argv[],
gpg_err_code_t ec;
pid_t pid;
- /* FIXME: Is this GnuPG specific or should we keep it. */
- if (getuid() != geteuid())
- {
- xfree (argv);
- return GPG_ERR_BUG;
- }
-
if (access (pgmname, X_OK))
{
ec = _gpg_err_code_from_syserror ();
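Review bot: The comment on the new `GPGRT_PROCESS_NO_EUID_CHECK` define in the second src/gpg-error.h.in hunk says what the flag permits but not what happens without it, which is the part a caller of a public header needs. Going by the src/spawn-posix.c hunks, a detached spawn with `getuid() != geteuid()` is now refused with `GPG_ERR_FORBIDDEN` where the removed code returned `GPG_ERR_BUG`, so the error code seen by existing callers changes. I would word the comment as `/* Skip the uid == euid check for a detached process (Posix only); without this flag such a spawn fails with GPG_ERR_FORBIDDEN. */` and note the changed error code in the release notes.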
@@ -542,6 +535,15 @@ _gpgrt_process_spawn (const char *pgmname, const char *argv1[],
return GPG_ERR_INV_ARG;
}
+ if (!(flags & GPGRT_PROCESS_NO_EUID_CHECK))
+ {
+ if (getuid() != geteuid())
+ {
+ xfree (argv);
+ return GPG_ERR_FORBIDDEN;
+ }
+ }
+
return spawn_detached (pgmname, argv, act);
}
-- cgit v1.2.3
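Review bot: The relocated guard in `_gpgrt_process_spawn` compares only `getuid()` with `geteuid()`, so a set-group-ID caller (gid != egid) still reaches `spawn_detached` without having set `GPGRT_PROCESS_NO_EUID_CHECK`. If the default is meant to refuse detached spawns from any process running with elevated effective ids, the condition could read `if (!(flags & GPGRT_PROCESS_NO_EUID_CHECK) && (getuid() != geteuid() || getgid() != getegid()))`, which also folds the two nested `if`s into one. A one-line comment above the block explaining why the default refuses (presumably because the detached child would inherit the elevated effective id) would replace the removed FIXME with something a reader can act on. The enclosing branch starts outside the hunk, so that this check applies only to the detached path is inferred from the `return spawn_detached (...)` that follows it.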