Pickle containing files (PT / CKPT ) - safe to use on repo? #965
Unanswered
TheOnlyHolyMoly asked this question in Q&A
Replies: 1 comment
It was built in for a long time, but I've never actually found an attack vector anywhere, so currently it's disabled. The idea of an attack via pt/ckpt is more of a theory than anything. If anyone can show me more than a theoretical attack, I'll re-enable it. In reality, you're at much higher risk due to a bad extension, and installing an extension gives it full rights to do anything it wants (and I've seen some bad ones for sure).
0 replies
Hello,
Probably a question that y'all know the answer to. Is the standard loading mechanism for pickle files such as embeddings/TI (.pt files) and checkpoints (.ckpt files) now so safe that I can just use them without worrying, or do I still need to pickle-scan and/or convert externally?
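The "pickle-scan" step the question refers to, as an added example that is not code from this discussion or from the repository: a static scanner that lists every importable global a .pt/.ckpt pickle names, reading the opcode stream with `pickletools.genops` so nothing in the file is ever executed. The allowlist of state_dict globals, the zip-container handling and the sample inputs are assumptions constructed for the example.

```python
import io
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Globals a plain PyTorch state_dict pickle normally references. Assumption: this
# allowlist is only a starting point; extend it with what your own checkpoints need.
SAFE_GLOBALS = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2"),
                ("torch._utils", "_rebuild_parameter"), ("torch", "FloatStorage"), ("torch", "HalfStorage")}
_STR_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
            "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}

def referenced_globals(data: bytes) -> list:
    """Every (module, name) the pickle would import, read from the opcode stream; nothing runs."""
    found, memo, pushed, top = [], {}, [], None
    for op, arg, _ in pickletools.genops(data):
        if op.name in _STR_OPS or op.name in _GET_OPS:        # a string (new or memoized) is pushed
            top = arg if op.name in _STR_OPS else memo.get(arg)
            pushed.append(top)
        elif op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):  # remember the stack top
            memo[len(memo) if arg is None else arg] = top
        elif op.name in ("GLOBAL", "INST"):                    # protocol <= 3: arg is "module name"
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":                        # protocol 4: module, name pushed before
            found.append((pushed[-2], pushed[-1]))
    return found

def scan_checkpoint(blob: bytes) -> dict:
    """Scan a .pt/.ckpt payload: torch's zip container (*.pkl inside) or a legacy raw pickle."""
    pickles = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            pickles = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    seen = sorted({g for p in pickles for g in referenced_globals(p)})
    bad = [g for g in seen if g not in SAFE_GLOBALS]
    return {"globals": seen, "suspicious": bad, "ok": not bad}

def sample_inputs() -> dict:
    """Constructed inputs, not real checkpoints: a benign state_dict-shaped pickle, the same in a zip container, and one naming a global outside the allowlist."""
    benign = pickle.dumps(OrderedDict(weight=[0.5, 0.25]), protocol=2)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", benign)
    flagged = pickle.dumps(zipfile.ZipFile, protocol=4)   # harmless class, but not a state_dict global
    return {"legacy": benign, "zip": buf.getvalue(), "flagged": flagged}
if __name__ == "__main__":
    print({label: scan_checkpoint(blob)["ok"] for label, blob in sample_inputs().items()})
```

A file that only references allowlisted globals still deserves a second look if it carries opcodes you do not expect, so treat `ok` as "nothing unknown was named", not as proof of safety.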