[Security][8.18] Document enhanced Linux process command line visibility #275
Labels
documentation
Improvements or additions to documentation
enhancement
New feature or request
Team: Security
Description
On Linux systems with kernel versions below 5.10.16 (essentially the systems that rely on kprobe for instrumentation), process command lines are cut off after 800 characters. This creates a security risk: attackers could hide malicious payloads by placing them after the 800-character limit.
We're going to change this behavior and need to document the new limits and truncation behavior.
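The failure mode above is that a command line of exactly the cap length cannot be told apart from a longer one that was cut, so defenders should treat such events as suspect and, while the process is still alive, recover the full line from procfs. The following is an added example (not code from this issue or from Elastic) that does that triage: it assumes a constructed event shape of `{"pid", "kernel", "command_line"}` rather than any product schema, takes the 800-character cap and the 5.10.16 kernel boundary from the issue text, and makes no claim about the new limits, which are not documented yet.

```python
"""Triage helper for Linux process events whose command line may have been cut off.

Added example, not code from the issue or from Elastic. Event dicts are assumed
to look like {"pid": int, "kernel": "<uname -r>", "command_line": str}, which is
a constructed shape, not a product schema.
"""
from __future__ import annotations

import re
from pathlib import Path

KPROBE_CMDLINE_CAP = 800        # cut-off length stated in the issue
KPROBE_BELOW_KERNEL = (5, 10, 16)  # kernels below this use the kprobe path (per issue)


def parse_kernel_version(release: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from a 'uname -r' style string such as '5.4.0-150-generic'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def uses_kprobe_path(release: str) -> bool:
    """True when the kernel is below 5.10.16 and therefore subject to the 800-character cap."""
    return parse_kernel_version(release) < KPROBE_BELOW_KERNEL


def possibly_truncated(event: dict, cap: int = KPROBE_CMDLINE_CAP) -> bool:
    """Flag an event whose command line reached the cap on a kprobe-era kernel.

    A captured line of exactly `cap` characters is indistinguishable from a
    longer one that was cut, so it is treated as suspect rather than trusted.
    """
    cmd = event.get("command_line", "")
    return uses_kprobe_path(event["kernel"]) and len(cmd) >= cap


def read_proc_cmdline(pid: int, proc_root: str = "/proc") -> str | None:
    """Best-effort recovery of the full command line from procfs while the process lives.

    Returns None when the process is gone or unreadable; arguments are NUL-separated.
    """
    path = Path(proc_root) / str(pid) / "cmdline"
    try:
        raw = path.read_bytes()
    except OSError:
        return None
    return " ".join(part.decode(errors="replace") for part in raw.split(b"\0") if part)


def triage(events: list[dict]) -> list[dict]:
    """Return the suspect events, noting whether the full line could still be recovered."""
    out = []
    for ev in events:
        if not possibly_truncated(ev):
            continue
        full = read_proc_cmdline(ev["pid"])
        out.append({
            "pid": ev["pid"],
            "captured_len": len(ev["command_line"]),
            "recovered": full is not None,
            "recovered_len": len(full) if full is not None else None,
        })
    return out


# Constructed sample events: a short benign command, a line cut to exactly 800
# characters on an old kernel, and the same long line intact on a newer kernel.
SAMPLE_EVENTS = [
    {"pid": 101, "kernel": "5.4.0-150-generic", "command_line": "/bin/sh -c id"},
    {"pid": 102, "kernel": "5.4.0-150-generic",
     "command_line": ("/bin/sh -c " + "A" * 1000)[:KPROBE_CMDLINE_CAP]},
    {"pid": 103, "kernel": "5.15.0-91-generic", "command_line": "/bin/sh -c " + "A" * 1000},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

Only the event from the pre-5.10.16 kernel whose captured line hit 800 characters is reported; the same long line on a 5.15 kernel is not flagged because that kernel is outside the kprobe path described in the issue. Whether the procfs read succeeds depends on the process still running on the host where the triage executes.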
Resources
https://github.com/elastic/security-team/issues/11339
Which documentation set does this change impact?
Elastic On-Prem and Cloud (all)
Feature differences
What release is this request related to?
8.18
Collaboration model
The documentation team
Point of contact.
Main contact: @nick-alayil
Stakeholders: