os.startfile(): add a C comment on security (#3877)

LoadLibrary("SHELL32") is not vulnerable to DLL hijacking.

os.startfile(): add a C comment on security (#3877)
LoadLibrary("SHELL32") is not vulnerable to DLL hijacking.
a9912152 · Victor Stinner · GitHub · ccef8239 · a9912152
Kaydet (Commit) a9912152 authored Eki 13, 2017 tarafından Victor Stinner Kaydeden (comit) GitHub Eki 13, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

posixmodule.c Modules/posixmodule.c +4 -0

No files found.
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -10556,6 +10556,10 @@ check_ShellExecute()
    /* only recheck */
    if (-1 == has_ShellExecute) {
        Py_BEGIN_ALLOW_THREADS
+        /* Security note: this call is not vulnerable to "DLL hijacking".
+           SHELL32 is part of "KnownDLLs" and so Windows always load
+           the system SHELL32.DLL, even if there is another SHELL32.DLL
+           in the DLL search path. */
        hShell32 = LoadLibraryW(L"SHELL32");
        Py_END_ALLOW_THREADS
        if (hShell32) {