box: fix unauthorized inserts into _truncate table
Non privileged user (thru public role) has write access to _truncate table in order to be able to perform truncates on it's tables. Normally it should be able to modify records only for the tables he has write access. Yet now due to bootstrap check it is not so. Closes tarantool/security#5 NO_DOC=bugfix (cherry picked from commit 941318e7)
Showing
- changelogs/unreleased/ghs-5-fix-auth-check-on-truncate.md 3 additions, 0 deletionschangelogs/unreleased/ghs-5-fix-auth-check-on-truncate.md
- src/box/alter.cc 8 additions, 6 deletionssrc/box/alter.cc
- test/box-luatest/ghs_5_fix_auth_check_on_truncate_test.lua 35 additions, 0 deletionstest/box-luatest/ghs_5_fix_auth_check_on_truncate_test.lua
Loading
Please register or sign in to comment