Security: Make trust_remote_code configurable with safe default #3642
Open
deosha wants to merge 1 commit into nomic-ai:main from
Conversation
The trust_remote_code=True parameter in AutoModelForCausalLM.from_pretrained() allows arbitrary Python code execution from model repositories. This is a security risk as malicious model repos could execute arbitrary code.

Changes:
- Make trust_remote_code configurable via config file (default: False)
- Add warning message when trust_remote_code is enabled
- Affected files: train.py, inference.py

Users who need trust_remote_code for specific models can enable it by adding `trust_remote_code: true` to their config file.

Identified using aisentry: https://aisentry.co

Signed-off-by: Deo Shankar <deo@Deos-MacBook-Pro.local>
7a89b0f to c415798
Summary

This PR addresses a security concern in the training scripts where `trust_remote_code=True` is hardcoded when loading models via HuggingFace transformers.

Changes:
- Make `trust_remote_code` configurable via the config file (default: `False`)
- Add a warning message when `trust_remote_code=True` is enabled
- Affected files: `train.py` and `inference.py`

Security Context

The `trust_remote_code=True` parameter allows arbitrary Python code execution from model repositories. While this is sometimes necessary for custom model architectures, it poses a security risk if:

By making this configurable with a safe default, users must explicitly opt-in to this behavior.

Identified using aisentry.

Usage

To enable trust_remote_code when needed, add to your config:

Test plan