Bug#923889: google-compute-image-packages - DoS via serial console write
On Wed, Mar 06, 2019 at 07:49:38PM +0100, Bastian Blank wrote:
> This package instructs journald to duplicate everything sent to the
> journal to the serial console. The serial console is a pretty rate
> limited log output device and blocking there will make all software with
> any log output block.
This doesn't seem to affect all software - I tried to reproduce with
logger, but it doesn't block. Maybe this only affects some logging
transports?
I agree it's a problematic default - GCE serial console data is
currently stored unencrypted. That could be an unpleasent surprise.
Ross
Reply to: