diff --git a/include/tarantool_lua.h b/include/tarantool_lua.h
index 0c4fc9456a50715ef176505f7014c13792c264bd..83aefc03e6037e660230c43ddfdc4bee58b39fdd 100644
--- a/include/tarantool_lua.h
+++ b/include/tarantool_lua.h
@@ -93,7 +93,7 @@ tarantool_lua_load_cfg(struct lua_State *L,
 /**
  * Load and execute start-up file
  *
- * @param L is Lua State
+ * @param L is a Lua State.
  */
 void
 tarantool_lua_load_init_script(struct lua_State *L);
diff --git a/mod/box/box.lua b/mod/box/box.lua
index e5aa65459229484789fa911be9471dbb9339ae14..10d395c3e8f1331ca91c69c09c4aa3db40204d03 100644
--- a/mod/box/box.lua
+++ b/mod/box/box.lua
@@ -324,12 +324,4 @@ function box.on_reload_configuration()
 end
 end
 
--- security: nullify some of the most serious os.* holes
-os.execute = nil
-os.exit = nil
-os.rename = nil
-os.tmpname = nil
-os.remove = nil
-require = nil
-
 -- vim: set et ts=4 sts
diff --git a/src/tarantool.m b/src/tarantool.m
index cccf7859f03829b32ec3864e3edbbf43ab256a73..742f43e09843ec391a2323b0d20f371fa37856ba 100644
--- a/src/tarantool.m
+++ b/src/tarantool.m
@@ -725,10 +725,10 @@ main(int argc, char **argv)
 replication_init();
 
 /*
- * Load user init script.
- * The script should have access to Tarantool Lua API (box.cfg,
- * box.fiber, etc...) that is why script must run only after the server
- * was fully initialized.
+ * Load user init script. The script should have access
+ * to Tarantool Lua API (box.cfg, box.fiber, etc...) that
+ * is why script must run only after the server was fully
+ * initialized.
  */
 tarantool_lua_load_init_script(tarantool_L);
 
diff --git a/src/tarantool_lua.m b/src/tarantool_lua.m
index de5b2d5bfe839ad3bda7605e006f9ddafa3179fa..5eb5709ef24984f7d9a51c75b2e52c4700a4f3ef 100644
--- a/src/tarantool_lua.m
+++ b/src/tarantool_lua.m
@@ -1175,6 +1175,33 @@ load_init_script(void *L_ptr)
  */
 }
 
+/**
+ * Unset functions in the Lua state which can be used to
+ * execute external programs or otherwise introduce a breach
+ * in security.
+ *
+ * @param L is a Lua State.
+ */
+static void
+tarantool_lua_sandbox(struct lua_State *L)
+{
+ /*
+ * Unset some functions for security reasons:
+ * 1. Some os.* functions (like os.execute, os.exit, etc..)
+ * 2. require(), since it can be used to provide access to ffi
+ * or anything else we unset in 1.
+ */
+ int result = tarantool_lua_dostring(L,
+ "os.execute = nil\n"
+ "os.exit = nil\n"
+ "os.rename = nil\n"
+ "os.tmpname = nil\n"
+ "os.remove = nil\n"
+ "require = nil\n");
+ if (result)
+ panic("%s", lua_tostring(L, -1));
+}
+
 void
 tarantool_lua_load_init_script(struct lua_State *L)
 {
@@ -1188,6 +1215,11 @@ tarantool_lua_load_init_script(struct lua_State *L)
 struct fiber *loader = fiber_create(TARANTOOL_LUA_INIT_SCRIPT, -1,
 load_init_script, L);
 fiber_call(loader);
+ /* Outside the startup file require() or ffi are not
+ * allowed.
+ */
+ tarantool_lua_sandbox(tarantool_L);
+
 }
 
 /*
diff --git a/test/box/lua.result b/test/box/lua.result
index f8117e9204547ccc58c89f31039fb8b1dfaaa73e..66c25dbaec6d8011f1623346cb9c1a753432d69e 100644
--- a/test/box/lua.result
+++ b/test/box/lua.result
@@ -1220,6 +1220,21 @@ lua box.select(0, 0, 4)
  - 4: {8, 16}
 ...
 
+# Test bug #1002272
+
+lua floor(0.5)
+---
+ - 0
+...
+lua floor(0.9)
+---
+ - 0
+...
+lua floor(1.1)
+---
+ - 1
+...
+
 # clean-up after tests
 
diff --git a/test/box/lua.test b/test/box/lua.test
index bc89b0d08497ba19d982ec095ef4c39e127ea257..695e845a4b5a2a7d0eb591dc0cdff75c54b5d72a 100644
--- a/test/box/lua.test
+++ b/test/box/lua.test
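Review bot: The Lua snippet in tarantool_lua_sandbox() removes less than its header comment promises: `require = nil` only drops the global name, so `package.loaded` still holds every module the start-up script already loaded (including `ffi`, if it was required there) and `package.loadlib` still loads C modules, while `io.popen` is not touched although it spawns a process just like the os.execute the comment is worried about. Either extend the snippet to those names or narrow the header to what the code actually does, e.g. `* Unset the os.* functions that spawn processes or touch the file system, plus the global require(); package.* and io.* are left intact.`. The `if (result)` branch would also read better with a one-line comment stating that tarantool_lua_dostring() presumably leaves its error message on top of the Lua stack, which is why panic() reads `lua_tostring(L, -1)`; right now that contract is only inferable from the call.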
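Review bot: The added call passes the global `tarantool_L` although tarantool_lua_load_init_script() receives `L` and hands that same `L` to fiber_create() just above; if the two states ever differ, the sandbox is applied to a state other than the one that just ran the init script. Use the parameter, `tarantool_lua_sandbox(L);`, or document on the function that it is only valid for the global state. The new comment also departs from the file's block-comment layout shown in the previous hunk, where `/*` sits on its own line followed by ` * ...` and ` */`; reflowing it that way keeps the file consistent. The enclosing function starts outside the hunk.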
@@ -415,6 +415,13 @@ exec admin "lua box.select(0, 0, 1)"
 exec admin "lua box.select(0, 0, 2)"
 exec admin "lua box.select(0, 0, 4)"
 
+print """
+# Test bug #1002272
+"""
+exec admin "lua floor(0.5)"
+exec admin "lua floor(0.9)"
+exec admin "lua floor(1.1)"
+
 print """
 # clean-up after tests
 """
diff --git a/test/box/test_init.lua b/test/box/test_init.lua
index f6cc13dc3de026e9abe0f96a3de4e9e414ae5142..36dbdbba17a24c7b40e60951dc162bee836b30df 100644
--- a/test/box/test_init.lua
+++ b/test/box/test_init.lua
@@ -1,4 +1,5 @@
 -- testing start-up script
+floor = require("math").floor
 --
 -- Access to box.cfg from start-up script
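Review bot: The new cases only check that a function captured via `require("math")` in test_init.lua stays callable after start-up; nothing pins the property the sandbox is meant to provide, namely that `require` and the unset `os.*` functions are no longer reachable from the admin console. A negative case next to the floor() checks, e.g. `exec admin "lua require"` and `exec admin "lua os.execute"`, expected to evaluate to nil, would catch a regression where tarantool_lua_sandbox() is skipped or applied to the wrong state. The `# Test bug #1002272` heading also gives no hint what is under test; `# Test bug #1002272: globals obtained via require() in the start-up script stay usable after require is unset` would make the intent readable from the test file alone.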