[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#923889: google-compute-image-packages - DoS via serial console write

On 3/7/19 11:25 PM, Ross Vandegrift wrote:
> On Wed, Mar 06, 2019 at 07:49:38PM +0100, Bastian Blank wrote:
>> This package instructs journald to duplicate everything sent to the
>> journal to the serial console.  The serial console is a pretty rate
>> limited log output device and blocking there will make all software with
>> any log output block.
> This doesn't seem to affect all software - I tried to reproduce with
> logger, but it doesn't block.  Maybe this only affects some logging
> transports?
> I agree it's a problematic default - GCE serial console data is
> currently stored unencrypted.  That could be an unpleasent surprise.
> Ross


Bastian is right that what's been done is a very bad idea. I would
suggest that you the issue is taken seriously, and the change be
reverted. In many situation, the serial port wont be fast enough.


Thomas Goirand (zigo)

Reply to: