Bug#923889: google-compute-image-packages - DoS via serial console write

[Ross Vandegrift <rvandegrift@debian.org>]

On Wed, Mar 06, 2019 at 07:49:38PM +0100, Bastian Blank wrote:
> This package instructs journald to duplicate everything sent to the
> journal to the serial console.  The serial console is a pretty rate
> limited log output device and blocking there will make all software with
> any log output block.

This doesn't seem to affect all software - I tried to reproduce with
logger, but it doesn't block.  Maybe this only affects some logging
transports?

I agree it's a problematic default - GCE serial console data is
currently stored unencrypted.  That could be an unpleasent surprise.

Ross