summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVictor Stinner <victor.stinner@gmail.com>2017-10-13 20:46:57 (GMT)
committerGitHub <noreply@github.com>2017-10-13 20:46:57 (GMT)
commita99121526a14e7710843aa5dd6ac82a779542dfb (patch)
tree841e127711629f03e087a4fc91804fb24dcd5320
parentccef823939d4ef602f2d8d13d0bfec29eda597a5 (diff)
downloadcpython-a99121526a14e7710843aa5dd6ac82a779542dfb.zip
cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.tar.gz
cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.tar.bz2
os.startfile(): add a C comment on security (#3877)
LoadLibrary("SHELL32") is not vulnerable to DLL hijacking.
-rw-r--r--Modules/posixmodule.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 5f30b20..639e450 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -10556,6 +10556,10 @@ check_ShellExecute()
/* only recheck */
if (-1 == has_ShellExecute) {
Py_BEGIN_ALLOW_THREADS
+ /* Security note: this call is not vulnerable to "DLL hijacking".
+ SHELL32 is part of "KnownDLLs" and so Windows always load
+ the system SHELL32.DLL, even if there is another SHELL32.DLL
+ in the DLL search path. */
hShell32 = LoadLibraryW(L"SHELL32");
Py_END_ALLOW_THREADS
if (hShell32) {