Jump to content
You must now use your email address to sign in [click for more info] ×

Affinity apps internal supplied ICC profiles have execute permission ( x ) set, for what?


Recommended Posts

I've recently saw by random, during some script app parsing under MacOS, that all the ICC profiles inside the installed Affinity apps (APh, ADe, APub) have execution permissions ...

> cd "/Applications/Affinity Photo.app/Contents/Resources"                                                                                                                              
[/Applications/Affinity Photo.app/Contents/Resources] ○                                                                                    
                                                                                                                                                > ll *.icc                                                                                                                                      -rwxr-xr-x  1 root  wheel     560 Apr 10  2021 AdobeRGB1998.icc                                                                                -rwxr-xr-x  1 root  wheel     552 Apr 10  2021 AppleRGB.icc                                                                                    -rwxr-xr-x  1 root  wheel  557120 Apr 10  2021 CoatedFOGRA27.icc                                                                                -rwxr-xr-x  1 root  wheel  654352 Apr 10  2021 CoatedFOGRA39.icc                                                                                -rwxr-xr-x  1 root  wheel     560 Apr 10  2021 ColorMatchRGB.icc                                                                                -rwxr-xr-x  1 root  wheel  557168 Apr 10  2021 JapanColor2001Coated.icc                                                                        -rwxr-xr-x  1 root  wheel  557168 Apr 10  2021 JapanColor2001Uncoated.icc                                                                      -rwxr-xr-x  1 root  wheel  557172 Apr 10  2021 JapanColor2002Newspaper.icc                                                                      -rwxr-xr-x  1 root  wheel  557164 Apr 10  2021 JapanWebCoated.icc                                                                              -rwxr-xr-x  1 root  wheel  557168 Apr 10  2021 USSheetfedCoated.icc                                                                            -rwxr-xr-x  1 root  wheel  557168 Apr 10  2021 USSheetfedUncoated.icc                                                                          -rwxr-xr-x  1 root  wheel  557168 Apr 10  2021 USWebCoatedSWOP.icc                                                                              -rwxr-xr-x  1 root  wheel  557164 Apr 10  2021 USWebUncoated.icc                                                                                -rwxr-xr-x  1 root  wheel  654140 Apr 10  2021 UncoatedFOGRA29.icc                                                                              -rwxr-xr-x  1 root  wheel  654140 Apr 10  2021 WebCoatedFOGRA28.icc

... why are those icc-files flagged as being executables at all here?

☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan
☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2

Link to comment
Share on other sites

8 minutes ago, MattP said:

Where are the apps from?

If they are root/wheel, those would be from MAS.

MacBookAir 15": MacOS Ventura > Affinity v1, v2, v2 beta // MacBookPro 15" mid-2012: MacOS El Capitan > Affinity v1 / MacOS Catalina > Affinity v1, v2, v2 beta // iPad 8th: iPadOS 16 > Affinity v2

Link to comment
Share on other sites

But it also affects the "self-installed" versions, only that those are "myname"/admin.

MacBookAir 15": MacOS Ventura > Affinity v1, v2, v2 beta // MacBookPro 15" mid-2012: MacOS El Capitan > Affinity v1 / MacOS Catalina > Affinity v1, v2, v2 beta // iPad 8th: iPadOS 16 > Affinity v2

Link to comment
Share on other sites

It affects v1 and v2.

It does not affect profiles in /Contents/Resources/etc/colour

MacBookAir 15": MacOS Ventura > Affinity v1, v2, v2 beta // MacBookPro 15" mid-2012: MacOS El Capitan > Affinity v1 / MacOS Catalina > Affinity v1, v2, v2 beta // iPad 8th: iPadOS 16 > Affinity v2

Link to comment
Share on other sites

14 hours ago, v_kyr said:

... why are those icc-files flagged as being executables at all here?

Some PNG files in the same directory are also marked executable, also quite a few PNGs in the Help directory. I noticed this previously.

[aaa@bbb:16:50:42:/Applications] (526) % find Affinity\ Photo.app -type f -perm 0755 -ls

 

Edited by LondonSquirrel
To show the find command
Link to comment
Share on other sites

2 hours ago, MattP said:

Absolutely no idea - but I can guarantee you it's not doing anything naughty in any way. I'll try to find out. Where are the apps from? (Affinity Store or Mac App Store)? 

  • ADe v1 from MAS
  • APh v1 from MAS
  • APub v1 from the Affinity Store

BTW I stumbled about it when performing architecture thinning test runs (stripping out arm64 architecture of Affinity apps). One of my initial Python scripting routines prechecks for executables ...
 

def is_mach_exe(path):
    if os.path.islink(path):
        return False

    if not os.access(path, os.X_OK):
        return False

    output = subprocess.check_output([FILE, "--mime-type", path])
    return output.split()[-1].decode() == "application/octet-stream"

... and afterwards tries to execute lipo -info on the executables, in order to determine incl. architectures (...here then falsly the ICC files too) via a subprocess, which of course generates lipo errors in this case. - So I had to remove execution permissions for the ICC files. And in order to be sure, also for future possible new Affinity installments to not run into the same trap, I had excluded ICC files generally from the overall file scanning process.

So as you can see, even it might not doing anything naughty, it can irritate and stop other apps/processes from operating correctly!

☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan
☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2

Link to comment
Share on other sites

2 hours ago, LondonSquirrel said:

Some PNG files in the same directory are also marked executable, also quite a few PNGs in the Help directory. ...

Jip, these here ...

png-exes.png.a1d8591f13b2e508e1148eab5e16c46b.png

☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan
☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2

Link to comment
Share on other sites

1 hour ago, v_kyr said:

One of my initial Python scripting routines prechecks for executables

A question for you. On macOS, why are shared libraries marked as executable? 

On FreeBSD, all the base libraries are mode 0444. Many ports will install shared libraries with mode 0755 because that's the way they come out of cc by default. But they don't need to be (AFAIK). Things in libexec are actually programs rather than shared libraries so they are executable.

Later versions of Solaris (from 11 and maybe from the last of the 10s) mostly has 0444 for system libraries. Some things are marked executable. Older versions had heaps of stuff marked as executable, but of course you couldn't actually do anything with it except (in nearly all cases) get a segmentation fault. 

FreeBSD:
[aaa@dog:20:39:10:/lib] (559) # ls -l libc.so.7
-r--r--r--  1 root  wheel  1955744 Jun  1  2022 libc.so.7

Solaris 11:
[aaa@chunky:20:40:56:/lib] (97) % ls -l libc.so.1
-r-xr-xr-x   1 root     root     2605680 Mar 11  2022 libc.so.1

I don't know about macOS. Hence for general knowledge I am asking.

Link to comment
Share on other sites

An overall good question!

Since they contain Mach-O executable code and differ here from Unix ELF format in general. - For deeper excursions into that theme see ...

☛ Affinity Designer 1.10.8 ◆ Affinity Photo 1.10.8 ◆ Affinity Publisher 1.10.8 ◆ OSX El Capitan
☛ Affinity V2.3 apps ◆ MacOS Sonoma 14.2 ◆ iPad OS 17.2

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.