2011/1/25 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> (2011/01/26 12:23), KaiGai Kohei wrote:
>>>> Yikes. On further examination, exec_object_restorecon() is pretty
>>>> bogus. Surely you need some calls to quote_literal_cstr() in there
>>>> someplace.
>>>
>> Are you concerning about the object name being supplied to
>> selabel_lookup_raw() in exec_object_restorecon()?
>> I also think this quoting you suggested is reasonable.
>>
> How about the case when the object name only contains alphabet and
> numerical characters?
Oh, quote_literal_cstr() is the wrong function - these are
identifiers, not literals. So we should use quote_identifier().
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company