SECURITY-PROCESS.md: Busy-loops are not security problems

Closes #10790
author: Daniel Stenberg <daniel@haxx.se> 2023-03-18 00:08:13 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2023-03-18 09:59:23 +0100
commit: bb334dfdde73fba5601565f47572ec10c67bc62b (patch)
tree: b94de448cba1d7a429dd18fbac6944118f3209c9 /docs
parent: b00289843a73e5ca032f993128797d7c265b6e58 (diff)
download: curl-bb334dfdde73fba5601565f47572ec10c67bc62b.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md
index 89026b644..1e85805d7 100644
--- a/docs/SECURITY-PROCESS.md
+++ b/docs/SECURITY-PROCESS.md
@@ -260,3 +260,11 @@ security vulnerabilities.
  - virtually every argument can contain sensitive data, depending on use
  - blanking all arguments would make it impractical for users to differentiate
    curl command lines in process listings
+
+## Busy-loops
+
+Busy-loops that consume 100% CPU time but eventually end (perhaps due to a set
+timeout value or otherwise) are not considered security problems. Applications
+are supposed to already handle situations when the transfer loop legitimately
+consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we
+do not consider it a security problem.
author	Daniel Stenberg <daniel@haxx.se>	2023-03-18 00:08:13 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2023-03-18 09:59:23 +0100
commit	bb334dfdde73fba5601565f47572ec10c67bc62b (patch)
tree	b94de448cba1d7a429dd18fbac6944118f3209c9 /docs
parent	b00289843a73e5ca032f993128797d7c265b6e58 (diff)
download	curl-bb334dfdde73fba5601565f47572ec10c67bc62b.tar.gz