os.startfile(): add a C comment on security (#3877)

LoadLibrary("SHELL32") is not vulnerable to DLL hijacking.
author: Victor Stinner <victor.stinner@gmail.com> 2017-10-13 20:46:57 (GMT)
committer: GitHub <noreply@github.com> 2017-10-13 20:46:57 (GMT)
commit: a99121526a14e7710843aa5dd6ac82a779542dfb (patch)
tree: 841e127711629f03e087a4fc91804fb24dcd5320 /Modules
parent: ccef823939d4ef602f2d8d13d0bfec29eda597a5 (diff)
download: cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.zip
cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.tar.gz
cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 5f30b20..639e450 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -10556,6 +10556,10 @@ check_ShellExecute()
     /* only recheck */
     if (-1 == has_ShellExecute) {
         Py_BEGIN_ALLOW_THREADS
+        /* Security note: this call is not vulnerable to "DLL hijacking".
+           SHELL32 is part of "KnownDLLs" and so Windows always load
+           the system SHELL32.DLL, even if there is another SHELL32.DLL
+           in the DLL search path. */
         hShell32 = LoadLibraryW(L"SHELL32");
         Py_END_ALLOW_THREADS
         if (hShell32) {
author	Victor Stinner <victor.stinner@gmail.com>	2017-10-13 20:46:57 (GMT)
committer	GitHub <noreply@github.com>	2017-10-13 20:46:57 (GMT)
commit	a99121526a14e7710843aa5dd6ac82a779542dfb (patch)
tree	841e127711629f03e087a4fc91804fb24dcd5320 /Modules
parent	ccef823939d4ef602f2d8d13d0bfec29eda597a5 (diff)
download	cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.zip cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.tar.gz cpython-a99121526a14e7710843aa5dd6ac82a779542dfb.tar.bz2