[Tarantool-patches] [PATCH v1 1/1] box: remove unnecessary rights from peristent functions

Kirill Yukhin kyukhin at tarantool.org
Wed Dec 23 15:58:50 MSK 2020


Hello,

On 21 Dec 13:51, Mergen Imeev via Tarantool-patches wrote:
> After this patch, the persistent functions "box.schema.user.info" and
> "LUA" will have the same rights as the user who executed them.
> 
> The problem was that setuid was unnecessarily set. Because of this,
> these functions had the same rights as the user who created them.
> However, they must have the same rights as the user who used them.
> 
> Fixes tarantool/security#1

I've checked your patch into 2.5, 2.6 and masterr.

--
Regards, Kirill Yukhin


More information about the Tarantool-patches mailing list