>> The intention for '-xattr' was to keep it generic, it cropped up as
>> a by-productfrom working on the '-cap' functionality. Were there any
>> particular designpoints you had in mind?
>I know nothing about attributes. But it would probably be useful to
>discuss what -xattr *should* do before you spend time writing code to
Hi Dale .. extended attributes are basically key/value pairs, all the xattr code does
currently is a simple regex match against the names of any extended attributes
that may be present for the file.
Capabilities are also stored as extended attributes so the '-cap' test is
specifically to perform a regex match against the value of the security.capability
extended attribute if it's present.
My initial use case was to find files that had SUID/SGID capabilities set.
It actually didn't take long to write the PoC utilities but I'm happy to accept
any suggestions ..