os.startfile(): add a C comment on security (#3877) LoadLibrary("SHELL32") is not vulnerable to DLL hijacking.

commit: a99121526a14e7710843aa5dd6ac82a779542dfb [log] [tgz]
author: Victor Stinner <victor.stinner@gmail.com> Fri Oct 13 13:46:57 2017 -0700
committer: GitHub <noreply@github.com> Fri Oct 13 13:46:57 2017 -0700
tree: 841e127711629f03e087a4fc91804fb24dcd5320
parent: ccef823939d4ef602f2d8d13d0bfec29eda597a5 [diff]
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 5f30b20..639e450 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c

@@ -10556,6 +10556,10 @@
     /* only recheck */
     if (-1 == has_ShellExecute) {
         Py_BEGIN_ALLOW_THREADS
+        /* Security note: this call is not vulnerable to "DLL hijacking".
+           SHELL32 is part of "KnownDLLs" and so Windows always load
+           the system SHELL32.DLL, even if there is another SHELL32.DLL
+           in the DLL search path. */
         hShell32 = LoadLibraryW(L"SHELL32");
         Py_END_ALLOW_THREADS
         if (hShell32) {
commit	a99121526a14e7710843aa5dd6ac82a779542dfb	[log] [tgz]
author	Victor Stinner <victor.stinner@gmail.com>	Fri Oct 13 13:46:57 2017 -0700
committer	GitHub <noreply@github.com>	Fri Oct 13 13:46:57 2017 -0700
tree	841e127711629f03e087a4fc91804fb24dcd5320
parent	ccef823939d4ef602f2d8d13d0bfec29eda597a5 [diff]