luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SECURITY-PROCESS.md: Busy-loops are not security problems

Browse Source 
Closes #10790
This commit is contained in:
Daniel Stenberg 2023-03-18 00:08:13 +01:00
parent b00289843a
commit bb334dfdde
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/SECURITY-PROCESS.md
View File

@ -260,3 +260,11 @@ security vulnerabilities.
- virtually every argument can contain sensitive data, depending on use
- blanking all arguments would make it impractical for users to differentiate
curl command lines in process listings
## Busy-loops
Busy-loops that consume 100% CPU time but eventually end (perhaps due to a set
timeout value or otherwise) are not considered security problems. Applications
are supposed to already handle situations when the transfer loop legitimately
consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we
do not consider it a security problem.