More improvements to the documentation on model persistence #29011
Conversation
| format, and therefore a sandbox used to serve models using `ONNX` also needs to | ||
| safeguard against computational and memory exploits. | ||
| format, and it is therefore recommended to serve models using `ONNX` in a | ||
| sandboxed environment to safeguard against computational and memory exploits. |
There was a problem hiding this comment.
@adrinjalali do you have a good reference for the threat model of loading ONNX files from untrusted origins?
It seems that is has some filesystem access (via External Data Files) but overall it seems quite safe to load and run inference on untrusted ONNX files with onnxruntime (assuming no security bugs in onnxruntime itself).
There was a problem hiding this comment.
I agree with the assessment. It's much better than loading pickle, and the potential issues can be handled if one limits the resources available to the onnxruntime via sandboxing.
| format, and therefore a sandbox used to serve models using `ONNX` also needs to | ||
| safeguard against computational and memory exploits. | ||
| format, and it is therefore recommended to serve models using `ONNX` in a | ||
| sandboxed environment to safeguard against computational and memory exploits. |
There was a problem hiding this comment.
I agree with the assessment. It's much better than loading pickle, and the potential issues can be handled if one limits the resources available to the onnxruntime via sandboxing.
|
@jeremiedbb might wanna cherry pick this one as well. |
|
@adrinjalali I think this new page is a great improvement w.r.t. what we previously had. Maybe we could further improve by rewriting the open section with either:
|
…it-learn#29011) Co-authored-by: Adrin Jalali <adrin.jalali@gmail.com>
Co-authored-by: Adrin Jalali <adrin.jalali@gmail.com>
Follow-up on #28889 with further clarifications / fixes and additional info.