os.startfile(): add a C comment on security (#3877)

author Victor Stinner <victor.stinner@gmail.com>

Fri, 13 Oct 2017 20:46:57 +0000 (13:46 -0700)

committer GitHub <noreply@github.com>

Fri, 13 Oct 2017 20:46:57 +0000 (13:46 -0700)
author Victor Stinner <victor.stinner@gmail.com>
Fri, 13 Oct 2017 20:46:57 +0000 (13:46 -0700)
committer GitHub <noreply@github.com>
Fri, 13 Oct 2017 20:46:57 +0000 (13:46 -0700)
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c

index 5f30b202ec61670454d1da8a2b80c178210f24f9..639e45021f28d66c1c074b9f14a4006d3e6ea83d 100644 (file)
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -10556,6 +10556,10 @@ check_ShellExecute()
      /* only recheck */
      if (-1 == has_ShellExecute) {
          Py_BEGIN_ALLOW_THREADS
+        /* Security note: this call is not vulnerable to "DLL hijacking".
+           SHELL32 is part of "KnownDLLs" and so Windows always load
+           the system SHELL32.DLL, even if there is another SHELL32.DLL
+           in the DLL search path. */
          hShell32 = LoadLibraryW(L"SHELL32");
          Py_END_ALLOW_THREADS
          if (hShell32) {
author	Victor Stinner <victor.stinner@gmail.com>
	Fri, 13 Oct 2017 20:46:57 +0000 (13:46 -0700)
committer	GitHub <noreply@github.com>
	Fri, 13 Oct 2017 20:46:57 +0000 (13:46 -0700)