Bug#923889: google-compute-image-packages - DoS via serial console write

[Ross Vandegrift <rvandegrift@debian.org>]

On Fri, Mar 08, 2019 at 10:59:33AM +0100, Bastian Blank wrote:
> In normal operation, the rate limit of journald might make sure it does
> not come to really blocking.

Ahh, that would do it, thanks.

> What happens for use cases where you need to disable this rate limit?
> Mail servers which Postfix, which exclusively uses syslog that is
> redirected to the journal, need this, or they will loose logs.
> 
> On Azure we tried the same for a short time period.  It got quiet messy
> and also triggered bugs in the platform.

For sure - I wasn't defending the change, just surprised when I couldn't
reproduce the problem.

> I assume the initial goal was to get the log output of the provisioning
> daemons on the serial console.  This goal was also mentioned in the
> formerly shipped rsyslog config snippet.
>
> Forwarding all log traffic there completely destroys that ability, as it
> will be drowned by irrelevant log traffic.  Also the log buffer is
> limited in size.

Yep, agreed.

Ross