How secure is it to run Onnx models of unknown origin? #5791
Unanswered. tensorgirl asked this question in Q&A.

Hi,

I am curious about the security of ONNX as an exchange format. It seems that it is built around a set of operators and that the models run on an accelerator with no direct access to the underlying operating system.

So I wonder how safe it is to run ONNX models. From my current understanding, which is quite limited, it seems to be safe to run them and there is not much possibility for a malicious ONNX model, but I don't know enough to say that for sure.

What is everyone's opinion on this?

I am especially curious what the security concerns are in regards to running third-party models from sites like Hugging Face. Are there any?

Replies: 1 comment

@tensorgirl generally safety concerns come from the possibility of code injection in executable files. It's not that hard to print "hello world" in a .pickle file. There are a number of other binary formats that pose similar safety concerns. .jit, .bin are some more examples. The .safetensors format is considered safe because it's a serialized format for storing just the data, not executable code.
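The reply above makes the point that a pickle-based checkpoint can make the loader import and call arbitrary code, while a data-only format cannot. One way a defender can act on that distinction is to inspect a pickle stream statically before ever unpickling it: `pickletools.genops` walks the opcodes without executing them, so you can see whether the file asks the unpickler to import a symbol (`GLOBAL`, `STACK_GLOBAL`) or call something (`REDUCE`, `NEWOBJ`, `INST`, `OBJ`). The following is an added example written for this discussion, not code from the thread or from any ONNX or Hugging Face project; the function names (`audit_pickle`, `load_if_data_only`) and the two sample pickles are constructed here. The "code-invoking" pickle uses `collections.OrderedDict` purely as a harmless stand-in for any object that needs an import and a call to reconstruct.

```python
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that make the unpickler import a name or call a callable. A stream
# that contains none of these can only build plain data (numbers, strings,
# lists, dicts, tuples) and cannot execute anything during loading.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE", "NEWOBJ", "NEWOBJ_EX"}

# Opcodes that push a string; STACK_GLOBAL takes its module and attribute
# name from the two most recently pushed strings.
STRING_OPCODES = {
    "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
    "STRING", "BINSTRING", "SHORT_BINSTRING",
}


def audit_pickle(data: bytes) -> dict:
    """Scan a pickle stream without executing it.

    Returns which code-invoking opcodes appear (with their byte offsets) and
    the fully qualified names the stream would import.
    """
    flagged = []
    imports = []
    recent_strings = []
    for opcode, arg, pos in pickletools.genops(data):
        name = opcode.name
        if name in STRING_OPCODES:
            recent_strings.append(arg)
        if name == "GLOBAL":
            # Protocol <= 3: pickletools reports the argument as "module attr".
            imports.append(".".join(arg.split(" ", 1)))
        elif name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            # Protocol >= 4: module and attr were pushed as the last two strings.
            imports.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
        if name in CODE_OPCODES:
            flagged.append((pos, name))
    return {"safe": not flagged, "opcodes": flagged, "imports": imports}


def load_if_data_only(data: bytes):
    """Gate: unpickle only when the static scan found no code-invoking opcode."""
    report = audit_pickle(data)
    if not report["safe"]:
        raise ValueError(
            f"refusing to unpickle: opcodes={report['opcodes']} imports={report['imports']}"
        )
    return pickle.loads(data)


# --- constructed sample inputs (not real checkpoints) ---------------------

def sample_data_pickle() -> bytes:
    """A 'weights-only' pickle: plain dict of floats, no imports, no calls."""
    return pickle.dumps({"weights": [0.1, 0.2], "bias": 1.5})


def sample_code_pickle(protocol: int = pickle.DEFAULT_PROTOCOL) -> bytes:
    """A pickle whose loading imports collections.OrderedDict and calls it.
    OrderedDict is harmless; it stands in for any class or function a
    malicious file could name instead."""
    return pickle.dumps(OrderedDict(a=1), protocol=protocol)


if __name__ == "__main__":
    print("data-only :", audit_pickle(sample_data_pickle()))
    print("protocol 4:", audit_pickle(sample_code_pickle(4)))
    print("protocol 2:", audit_pickle(sample_code_pickle(2)))
    print("loaded    :", load_if_data_only(sample_data_pickle()))
    try:
        load_if_data_only(sample_code_pickle())
    except ValueError as exc:
        print("blocked   :", exc)
```

The gate is deliberately strict: it rejects any pickle that would import or call anything, which also rejects legitimate checkpoints that pickle framework objects (tensors, custom modules). That is the trade-off the reply describes, and it is the reason data-only formats such as safetensors are preferred for files obtained from third parties: there is nothing in them for a loader to execute, so no such scan is needed.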