Bug#923889: google-compute-image-packages - DoS via serial console write

[Bastian Blank <waldi@debian.org>]

On Thu, Mar 07, 2019 at 02:25:12PM -0800, Ross Vandegrift wrote:
> On Wed, Mar 06, 2019 at 07:49:38PM +0100, Bastian Blank wrote:
> > This package instructs journald to duplicate everything sent to the
> > journal to the serial console.  The serial console is a pretty rate
> > limited log output device and blocking there will make all software with
> > any log output block.
> This doesn't seem to affect all software - I tried to reproduce with
> logger, but it doesn't block.  Maybe this only affects some logging
> transports?

In normal operation, the rate limit of journald might make sure it does
not come to really blocking.

What happens for use cases where you need to disable this rate limit?
Mail servers which Postfix, which exclusively uses syslog that is
redirected to the journal, need this, or they will loose logs.

On Azure we tried the same for a short time period.  It got quiet messy
and also triggered bugs in the platform.

> I agree it's a problematic default - GCE serial console data is
> currently stored unencrypted.  That could be an unpleasent surprise.

I assume the initial goal was to get the log output of the provisioning
daemons on the serial console.  This goal was also mentioned in the
formerly shipped rsyslog config snippet.

Forwarding all log traffic there completely destroys that ability, as it
will be drowned by irrelevant log traffic.  Also the log buffer is
limited in size.

Regards,
Bastian

-- 
Women professionals do tend to over-compensate.
		-- Dr. Elizabeth Dehaver, "Where No Man Has Gone Before",
		   stardate 1312.9.