Bug#923889: google-compute-image-packages - DoS via serial console write
On 3/7/19 11:25 PM, Ross Vandegrift wrote:
> On Wed, Mar 06, 2019 at 07:49:38PM +0100, Bastian Blank wrote:
>> This package instructs journald to duplicate everything sent to the
>> journal to the serial console. The serial console is a pretty rate
>> limited log output device and blocking there will make all software with
>> any log output block.
>
> This doesn't seem to affect all software - I tried to reproduce with
> logger, but it doesn't block. Maybe this only affects some logging
> transports?
>
> I agree it's a problematic default - GCE serial console data is
> currently stored unencrypted. That could be an unpleasent surprise.
>
> Ross
Ross,
Bastian is right that what's been done is a very bad idea. I would
suggest that you the issue is taken seriously, and the change be
reverted. In many situation, the serial port wont be fast enough.
Cheers,
Thomas Goirand (zigo)
Reply to: