1
19.1 Legacy Series / what the hell is a C++ compiler doing on my system ???
« on: February 25, 2019, 03:36:02 pm »
Hello,
Searching for big files on my system I found really unexpected things on pfSense...
What are doing on a firewall production system compiler/linker and other tools ?
This is nut. This is like giving a saw to prisoner and make him swear to not use it to get out of jail !
I was a developper on IPCop 1.4 series and the rule was pretty simple : nothing that is strictly necessary to run the thing is included is the production .iso file. But you are free to install any addon you'd like.
On 19.1.1 you can compile "Hello wolrd" right out of the box. Insane. The distribution is bloated with header files, static libs and so on.
You can even ssh anywhere. What is ssh client doing here ?
Or things like pkg ??
A firewall is not an everyday workstation. Of course it must provide a basic env to administer the system ( sed, grep, find, vi, ...) but nothing more.
The addition of a required tool on ipcop was (simplified):
-describe the package (version, source, etc etc)
-snapshot of file structure
-build+install the tool
-snapshot to get new files added
-manually construc file list of required files to be in the final .iso
meaning all help files, man pages, examples, compilation files were never present on final product (and none of the compilers of course).
Franck
Searching for big files on my system I found really unexpected things on pfSense...
What are doing on a firewall production system compiler/linker and other tools ?
This is nut. This is like giving a saw to prisoner and make him swear to not use it to get out of jail !
I was a developper on IPCop 1.4 series and the rule was pretty simple : nothing that is strictly necessary to run the thing is included is the production .iso file. But you are free to install any addon you'd like.
On 19.1.1 you can compile "Hello wolrd" right out of the box. Insane. The distribution is bloated with header files, static libs and so on.
You can even ssh anywhere. What is ssh client doing here ?
Or things like pkg ??
A firewall is not an everyday workstation. Of course it must provide a basic env to administer the system ( sed, grep, find, vi, ...) but nothing more.
The addition of a required tool on ipcop was (simplified):
-describe the package (version, source, etc etc)
-snapshot of file structure
-build+install the tool
-snapshot to get new files added
-manually construc file list of required files to be in the final .iso
meaning all help files, man pages, examples, compilation files were never present on final product (and none of the compilers of course).
Franck