From a99121526a14e7710843aa5dd6ac82a779542dfb Mon Sep 17 00:00:00 2001
From: Victor Stinner <victor.stinner@gmail.com>
Date: Fri, 13 Oct 2017 13:46:57 -0700
Subject: [PATCH] os.startfile(): add a C comment on security (#3877)

LoadLibrary("SHELL32") is not vulnerable to DLL hijacking.
---
 Modules/posixmodule.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 5f30b202ec..639e45021f 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -10556,6 +10556,10 @@ check_ShellExecute()
     /* only recheck */
     if (-1 == has_ShellExecute) {
         Py_BEGIN_ALLOW_THREADS
+        /* Security note: this call is not vulnerable to "DLL hijacking".
+           SHELL32 is part of "KnownDLLs" and so Windows always load
+           the system SHELL32.DLL, even if there is another SHELL32.DLL
+           in the DLL search path. */
         hShell32 = LoadLibraryW(L"SHELL32");
         Py_END_ALLOW_THREADS
         if (hShell32) {
-- 
2.40.0