[Tarantool-patches] [PATCH v1 1/1] box: remove unnecessary rights from peristent functions
Kirill Yukhin
kyukhin at tarantool.org
Wed Dec 23 15:58:50 MSK 2020
Hello,
On 21 Dec 13:51, Mergen Imeev via Tarantool-patches wrote:
> After this patch, the persistent functions "box.schema.user.info" and
> "LUA" will have the same rights as the user who executed them.
>
> The problem was that setuid was unnecessarily set. Because of this,
> these functions had the same rights as the user who created them.
> However, they must have the same rights as the user who used them.
>
> Fixes tarantool/security#1
I've checked your patch into 2.5, 2.6 and masterr.
--
Regards, Kirill Yukhin
More information about the Tarantool-patches
mailing list