diff --git a/include/tarantool_lua.h b/include/tarantool_lua.h
index af20890bde6bec465a9fdcb3cc86071c2df7bb83..15fd7133eed3d709b18f6f5cd6ce6a6f299678fb 100644
--- a/include/tarantool_lua.h
+++ b/include/tarantool_lua.h
@@ -78,9 +78,18 @@ void tarantool_lua_load_cfg(struct lua_State *L,
 /**
  * Load and execute start-up file
  *
- * @param L is Lua State
+ * @param L is a Lua State.
  */
 void tarantool_lua_load_init_script(struct lua_State *L);
+
+/**
+ * Nullify some functions by security reasons in the Lua sate.
+ *
+ * @param L is a Lua State.
+ */
+void
+tarantool_lua_security_nullify(struct lua_State *L);
+
 void
 tarantool_lua(struct lua_State *L,
 	      struct tbuf *out, const char *str);
diff --git a/mod/box/box.lua b/mod/box/box.lua
index e5aa65459229484789fa911be9471dbb9339ae14..10d395c3e8f1331ca91c69c09c4aa3db40204d03 100644
--- a/mod/box/box.lua
+++ b/mod/box/box.lua
@@ -324,12 +324,4 @@ function box.on_reload_configuration()
     end
 end
 
--- security: nullify some of the most serious os.* holes
-os.execute = nil
-os.exit = nil
-os.rename = nil
-os.tmpname = nil
-os.remove = nil
-require = nil
-
 -- vim: set et ts=4 sts
diff --git a/src/tarantool.m b/src/tarantool.m
index cccf7859f03829b32ec3864e3edbbf43ab256a73..ab7021e3d11fb44ecc2ef21fe8c6086c9d35bde6 100644
--- a/src/tarantool.m
+++ b/src/tarantool.m
@@ -731,6 +731,10 @@ main(int argc, char **argv)
 	 * was fully initialized.
 	 */
 	tarantool_lua_load_init_script(tarantool_L);
+	/*
+	 * Nullify some functions by security reasons.
+	 */
+	tarantool_lua_security_nullify(tarantool_L);
 
 	prelease(fiber->gc_pool);
 	say_crit("log level %i", cfg.log_level);
diff --git a/src/tarantool_lua.m b/src/tarantool_lua.m
index e4afd5b20c0a904b5f516129341da6f363096ab0..242e11ee23387eb487cfb9978362ee599b5cca31 100644
--- a/src/tarantool_lua.m
+++ b/src/tarantool_lua.m
@@ -1114,6 +1114,25 @@ void tarantool_lua_load_init_script(struct lua_State *L)
 	fiber_call(loader);
 }
 
+void
+tarantool_lua_security_nullify(struct lua_State *L)
+{
+	/*
+	 * Nullify some functions by security reasons:
+	 * 1. some so.* functions (like os.execute, os.exit, etc..)
+	 * 2. require function (because it can provide access to ffi)
+	 */
+	int result = tarantool_lua_dostring(L,
+					    "os.execute = nil\n"
+					    "os.exit = nil\n"
+					    "os.rename = nil\n"
+					    "os.tmpname = nil\n"
+					    "os.remove = nil\n"
+					    "require = nil\n");
+	if (result)
+		panic("can't nullify unsafe (in security mind) functions");
+}
+
 /*
  * vim: foldmethod=marker
  */
diff --git a/test/box/lua.result b/test/box/lua.result
index f8117e9204547ccc58c89f31039fb8b1dfaaa73e..66c25dbaec6d8011f1623346cb9c1a753432d69e 100644
--- a/test/box/lua.result
+++ b/test/box/lua.result
@@ -1220,6 +1220,21 @@ lua box.select(0, 0, 4)
  - 4: {8, 16}
 ...
 
+# Test bug #1002272
+
+lua floor(0.5)
+---
+ - 0
+...
+lua floor(0.9)
+---
+ - 0
+...
+lua floor(1.1)
+---
+ - 1
+...
+
 # clean-up after tests
 
 
diff --git a/test/box/lua.test b/test/box/lua.test
index bc89b0d08497ba19d982ec095ef4c39e127ea257..695e845a4b5a2a7d0eb591dc0cdff75c54b5d72a 100644
--- a/test/box/lua.test
+++ b/test/box/lua.test
@@ -415,6 +415,13 @@ exec admin "lua box.select(0, 0, 1)"
 exec admin "lua box.select(0, 0, 2)"
 exec admin "lua box.select(0, 0, 4)"
 
+print """
+# Test bug #1002272
+"""
+exec admin "lua floor(0.5)"
+exec admin "lua floor(0.9)"
+exec admin "lua floor(1.1)"
+
 print """
 # clean-up after tests
 """
diff --git a/test/box/test_init.lua b/test/box/test_init.lua
index f6cc13dc3de026e9abe0f96a3de4e9e414ae5142..36dbdbba17a24c7b40e60951dc162bee836b30df 100644
--- a/test/box/test_init.lua
+++ b/test/box/test_init.lua
@@ -1,4 +1,5 @@
 -- testing start-up script
+floor = require("math").floor
 
 --
 -- Access to box.cfg from start-up script