v_kyr Posted January 30, 2023 Share Posted January 30, 2023 I've recently saw by random, during some script app parsing under MacOS, that all the ICC profiles inside the installed Affinity apps (APh, ADe, APub) have execution permissions ... > cd "/Applications/Affinity Photo.app/Contents/Resources" [/Applications/Affinity Photo.app/Contents/Resources] ○ > ll *.icc -rwxr-xr-x 1 root wheel 560 Apr 10 2021 AdobeRGB1998.icc -rwxr-xr-x 1 root wheel 552 Apr 10 2021 AppleRGB.icc -rwxr-xr-x 1 root wheel 557120 Apr 10 2021 CoatedFOGRA27.icc -rwxr-xr-x 1 root wheel 654352 Apr 10 2021 CoatedFOGRA39.icc -rwxr-xr-x 1 root wheel 560 Apr 10 2021 ColorMatchRGB.icc -rwxr-xr-x 1 root wheel 557168 Apr 10 2021 JapanColor2001Coated.icc -rwxr-xr-x 1 root wheel 557168 Apr 10 2021 JapanColor2001Uncoated.icc -rwxr-xr-x 1 root wheel 557172 Apr 10 2021 JapanColor2002Newspaper.icc -rwxr-xr-x 1 root wheel 557164 Apr 10 2021 JapanWebCoated.icc -rwxr-xr-x 1 root wheel 557168 Apr 10 2021 USSheetfedCoated.icc -rwxr-xr-x 1 root wheel 557168 Apr 10 2021 USSheetfedUncoated.icc -rwxr-xr-x 1 root wheel 557168 Apr 10 2021 USWebCoatedSWOP.icc -rwxr-xr-x 1 root wheel 557164 Apr 10 2021 USWebUncoated.icc -rwxr-xr-x 1 root wheel 654140 Apr 10 2021 UncoatedFOGRA29.icc -rwxr-xr-x 1 root wheel 654140 Apr 10 2021 WebCoatedFOGRA28.icc ... why are those icc-files flagged as being executables at all here? MattP and loukash 1 1 Quote ☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan ☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2 Link to comment Share on other sites More sharing options...
Staff MattP Posted January 30, 2023 Staff Share Posted January 30, 2023 Absolutely no idea - but I can guarantee you it's not doing anything naughty in any way. I'll try to find out. Where are the apps from? (Affinity Store or Mac App Store)? Quote Link to comment Share on other sites More sharing options...
loukash Posted January 30, 2023 Share Posted January 30, 2023 8 minutes ago, MattP said: Where are the apps from? If they are root/wheel, those would be from MAS. MattP 1 Quote MacBookAir 15": MacOS Ventura > Affinity v1, v2, v2 beta // MacBookPro 15" mid-2012: MacOS El Capitan > Affinity v1 / MacOS Catalina > Affinity v1, v2, v2 beta // iPad 8th: iPadOS 16 > Affinity v2 Link to comment Share on other sites More sharing options...
loukash Posted January 30, 2023 Share Posted January 30, 2023 But it also affects the "self-installed" versions, only that those are "myname"/admin. Quote MacBookAir 15": MacOS Ventura > Affinity v1, v2, v2 beta // MacBookPro 15" mid-2012: MacOS El Capitan > Affinity v1 / MacOS Catalina > Affinity v1, v2, v2 beta // iPad 8th: iPadOS 16 > Affinity v2 Link to comment Share on other sites More sharing options...
loukash Posted January 30, 2023 Share Posted January 30, 2023 It affects v1 and v2. It does not affect profiles in /Contents/Resources/etc/colour Quote MacBookAir 15": MacOS Ventura > Affinity v1, v2, v2 beta // MacBookPro 15" mid-2012: MacOS El Capitan > Affinity v1 / MacOS Catalina > Affinity v1, v2, v2 beta // iPad 8th: iPadOS 16 > Affinity v2 Link to comment Share on other sites More sharing options...
LondonSquirrel Posted January 30, 2023 Share Posted January 30, 2023 (edited) 14 hours ago, v_kyr said: ... why are those icc-files flagged as being executables at all here? Some PNG files in the same directory are also marked executable, also quite a few PNGs in the Help directory. I noticed this previously. [aaa@bbb:16:50:42:/Applications] (526) % find Affinity\ Photo.app -type f -perm 0755 -ls Edited January 30, 2023 by LondonSquirrel To show the find command Quote Link to comment Share on other sites More sharing options...
v_kyr Posted January 30, 2023 Author Share Posted January 30, 2023 2 hours ago, MattP said: Absolutely no idea - but I can guarantee you it's not doing anything naughty in any way. I'll try to find out. Where are the apps from? (Affinity Store or Mac App Store)? ADe v1 from MAS APh v1 from MAS APub v1 from the Affinity Store BTW I stumbled about it when performing architecture thinning test runs (stripping out arm64 architecture of Affinity apps). One of my initial Python scripting routines prechecks for executables ... def is_mach_exe(path): if os.path.islink(path): return False if not os.access(path, os.X_OK): return False output = subprocess.check_output([FILE, "--mime-type", path]) return output.split()[-1].decode() == "application/octet-stream" ... and afterwards tries to execute lipo -info on the executables, in order to determine incl. architectures (...here then falsly the ICC files too) via a subprocess, which of course generates lipo errors in this case. - So I had to remove execution permissions for the ICC files. And in order to be sure, also for future possible new Affinity installments to not run into the same trap, I had excluded ICC files generally from the overall file scanning process. So as you can see, even it might not doing anything naughty, it can irritate and stop other apps/processes from operating correctly! Quote ☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan ☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2 Link to comment Share on other sites More sharing options...
v_kyr Posted January 30, 2023 Author Share Posted January 30, 2023 2 hours ago, LondonSquirrel said: Some PNG files in the same directory are also marked executable, also quite a few PNGs in the Help directory. ... Jip, these here ... Quote ☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan ☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2 Link to comment Share on other sites More sharing options...
LondonSquirrel Posted January 30, 2023 Share Posted January 30, 2023 1 hour ago, v_kyr said: One of my initial Python scripting routines prechecks for executables A question for you. On macOS, why are shared libraries marked as executable? On FreeBSD, all the base libraries are mode 0444. Many ports will install shared libraries with mode 0755 because that's the way they come out of cc by default. But they don't need to be (AFAIK). Things in libexec are actually programs rather than shared libraries so they are executable. Later versions of Solaris (from 11 and maybe from the last of the 10s) mostly has 0444 for system libraries. Some things are marked executable. Older versions had heaps of stuff marked as executable, but of course you couldn't actually do anything with it except (in nearly all cases) get a segmentation fault. FreeBSD: [aaa@dog:20:39:10:/lib] (559) # ls -l libc.so.7 -r--r--r-- 1 root wheel 1955744 Jun 1 2022 libc.so.7 Solaris 11: [aaa@chunky:20:40:56:/lib] (97) % ls -l libc.so.1 -r-xr-xr-x 1 root root 2605680 Mar 11 2022 libc.so.1 I don't know about macOS. Hence for general knowledge I am asking. Quote Link to comment Share on other sites More sharing options...
v_kyr Posted January 30, 2023 Author Share Posted January 30, 2023 An overall good question! Since they contain Mach-O executable code and differ here from Unix ELF format in general. - For deeper excursions into that theme see ... What are the differences between .so and .dylib on macOS? Why are shared libraries executable? Why should or should not shared libraries be executable ... Using Dynamic Libraries (MacOS) man dyld ... @executable_path/ ... Loading dynamic libraries on Mac Shared Libraries: Understanding Dynamic Loading Prebinding LondonSquirrel 1 Quote ☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan ☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2 Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.