From: Vladislav Shpilevoy <v.shpilevoy@tarantool.org>
To: Mergen Imeev <imeevma@tarantool.org>
Cc: tarantool-patches@dev.tarantool.org
Subject: Re: [Tarantool-patches] [PATCH v1 1/1] box: remove unnecessary rights from peristent functions
Date: Sat, 5 Dec 2020 00:10:38 +0100 [thread overview]
Message-ID: <b93f02c9-bf2f-673a-ae6f-44d7224af501@tarantool.org> (raw)
In-Reply-To: <20201203095423.GA204182@tarantool.org>
Hi! Thanks for the patch!
It looks good except for one comment below. Please, proceed to
making it work on all versions, like we discussed.
> diff --git a/src/box/lua/upgrade.lua b/src/box/lua/upgrade.lua
> index add791cd7..b2475b0f6 100644
> --- a/src/box/lua/upgrade.lua
> +++ b/src/box/lua/upgrade.lua
> @@ -971,6 +971,36 @@ local function upgrade_to_2_3_1()
> create_session_settings_space()
> end
>
> +--------------------------------------------------------------------------------
> +-- Tarantool 2.7.1
> +--------------------------------------------------------------------------------
> +local function backport_upgrade_2_7_1_function_access()
> + local _func = box.space._func
> + local _priv = box.space._priv
> + local datetime = os.date("%Y-%m-%d %H:%M:%S")
> + local funcs_to_change = {'LUA', 'box.schema.user.info'}
> + for _, name in pairs(funcs_to_change) do
> + local func = _func.index['name']:get(name)
> + -- Change setuid of function function if it is not 0.
"function function"? Tbh, the entire comment looks unneeded. It
just literally narrates the condition check. If you want to have
a comment here, better explain what is wrong with having setuid
set. Or nothing.
> + if func ~= nil and func.setuid ~= 0 then
> + local id = func.id
> + log.info('remove old function "'..name..'"')
> + _priv:delete({2, 'function', id})
> + _func:delete({id})
> + log.info('create function "'..name..'" with unset setuid')
> + local new_func = func:update({{'=', 4, 0}, {'=', 18, datetime},
> + {'=', 19, datetime}})
> + _func:replace(new_func)
> + log.info('grant execute on function "'..name..'" to public')
> + _priv:replace{ADMIN, PUBLIC, 'function', id, box.priv.X}
> + end
> + end
> +end
> +
> +local function upgrade_to_2_7_1()
> + backport_upgrade_2_7_1_function_access()
> +end
next prev parent reply other threads:[~2020-12-04 23:10 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-03 0:03 imeevma
2020-11-11 21:48 ` Vladislav Shpilevoy
2020-12-03 9:54 ` Mergen Imeev
2020-12-04 23:10 ` Vladislav Shpilevoy [this message]
2020-12-16 20:23 ` Mergen Imeev
2020-12-20 14:05 ` Vladislav Shpilevoy
2020-12-21 10:51 imeevma
2020-12-21 19:23 ` Sergey Ostanevich
2020-12-22 17:44 ` Mergen Imeev
2020-12-23 9:44 ` Sergey Ostanevich
2020-12-23 12:58 ` Kirill Yukhin
2020-12-21 11:38 imeevma
2020-12-21 19:14 ` Sergey Ostanevich
2020-12-22 7:56 imeevma
2020-12-22 8:13 ` Sergey Ostanevich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b93f02c9-bf2f-673a-ae6f-44d7224af501@tarantool.org \
--to=v.shpilevoy@tarantool.org \
--cc=imeevma@tarantool.org \
--cc=tarantool-patches@dev.tarantool.org \
--subject='Re: [Tarantool-patches] [PATCH v1 1/1] box: remove unnecessary rights from peristent functions' \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox