diff options
author | Daniel Stenberg <daniel@haxx.se> | 2023-03-18 00:08:13 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2023-03-18 09:59:23 +0100 |
commit | bb334dfdde73fba5601565f47572ec10c67bc62b (patch) | |
tree | b94de448cba1d7a429dd18fbac6944118f3209c9 /docs | |
parent | b00289843a73e5ca032f993128797d7c265b6e58 (diff) | |
download | curl-bb334dfdde73fba5601565f47572ec10c67bc62b.tar.gz |
SECURITY-PROCESS.md: Busy-loops are not security problems
Closes #10790
Diffstat (limited to 'docs')
-rw-r--r-- | docs/SECURITY-PROCESS.md | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md index 89026b644..1e85805d7 100644 --- a/docs/SECURITY-PROCESS.md +++ b/docs/SECURITY-PROCESS.md @@ -260,3 +260,11 @@ security vulnerabilities. - virtually every argument can contain sensitive data, depending on use - blanking all arguments would make it impractical for users to differentiate curl command lines in process listings + +## Busy-loops + +Busy-loops that consume 100% CPU time but eventually end (perhaps due to a set +timeout value or otherwise) are not considered security problems. Applications +are supposed to already handle situations when the transfer loop legitimately +consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we +do not consider it a security problem. |