From f7832fea70d6d3dfb77312cf549d93851d75818e Mon Sep 17 00:00:00 2001 From: Vigi Zhang Date: Wed, 7 Sep 2022 19:07:08 +0800 Subject: [PATCH] update security policy test=document_fix (#45843) add running untrusted models in security policy --- SECURITY.md | 5 +++++ SECURITY_cn.md | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 04ccdd8062..97b092d6df 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,6 +14,11 @@ PaddlePaddle attaches great importance to security and privacy of model. This in These tools include adversarial example evaluation test, pseudo-natural environment robustness evaluation test, model reversing evaluation test, member inference evaluation test, sample denoising, adversarial training, privacy enhancement optimizer, etc. +### Running untrusted models + +Always load and execute untrusted models inside a sandbox and be sure to know the security impacts. +There are several ways in which a model could become untrusted. PaddlePaddle has enough features to impact on the system. (e.g. `paddle.load` uses [pickle](https://docs.python.org/3/library/pickle.html) implicitly, which may cause malformed models to achieve arbitrary code execution). So we recommend when using the untrusted models, you need to carefully audit it and run PaddlePaddle inside a sandbox. + ## PaddlePaddle Code Security PaddlePaddle always take code security seriously. However, due to the complexity of the framework and its dependence on other thirdparty open source libraries, there may still be some security issues undetected. Therefore, we hope that more security researchers and PaddlePaddle developers can participate in the code security program. We encourage responsible disclosure of security issues, as well as contributing code to improve our vulnerability finding tools to make PaddlePaddle safer. diff --git a/SECURITY_cn.md b/SECURITY_cn.md index 68ad6b3217..cd2b4b450b 100644 --- a/SECURITY_cn.md +++ b/SECURITY_cn.md 
@@ -10,6 +10,11 @@ 飞桨的安全和隐私套件[PaddleSleeve](https://github.com/PaddlePaddle/PaddleSleeve)提供了一系列工具,可帮助模型开发者及使用者在模型的开发或部署阶段,系统性地评估并提升模型的安全性和隐私性。这些工具包括对抗样本评估测试、拟自然环境鲁棒性评估测试、模型逆向评估测试、成员推断评估测试、样本去噪、对抗训练、隐私增强优化器等。 +### 运行非信任模型 + +请永远在沙箱中加载和运行非信任模型并了解其可能造成的影响。 +有多种方式可能导致模型不受信任。飞桨的功能足以在加载不受信任的模型时对系统造成影响,如:`paddle.load` 使用了[pickle](https://docs.python.org/3/library/pickle.html),这会导致恶意模型执行任意命令。所以在使用非信任模型时需要仔细地审计模型,并在沙箱中运行来确保安全。 + ## 飞桨代码安全 飞桨团队一向非常重视代码安全,但鉴于飞桨框架的实现非常复杂,并且依赖了多个第三方开源库,其中仍可能会存在未被发现的问题。因此,我们希望有更多安全研究人员、飞桨开发者能参与到飞桨代码安全保障项目中来,我们鼓励向飞桨负责任的披露(Responsible Disclosure)安全问题,也鼓励向飞桨贡献代码完善动静态漏洞挖掘工具,让飞桨变得更安全。 -- GitLab
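Review bot: In the SECURITY.md hunk, the sentence "PaddlePaddle has enough features to impact on the system" is ungrammatical and understates the point; the parenthetical that follows is the actual claim, so fold it in: "Loading a model gives the framework enough access to affect the host system: for example, `paddle.load` uses pickle implicitly, so a malicious model can achieve arbitrary code execution." "Malformed" should be "malicious" here, since malformed suggests an accidental defect rather than a crafted file. The last sentence also mixes number ("the untrusted models ... audit it"); "when using an untrusted model, audit it carefully and run PaddlePaddle inside a sandbox" reads cleanly. Finally, "There are several ways in which a model could become untrusted" asserts something and then names none of them; either list a case or two (downloaded from a third party, modified after training) or drop the sentence.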
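Review bot: The SECURITY_cn.md hunk does not say the same thing as the English one: the Chinese text says a malicious model can "执行任意命令" (execute arbitrary commands) where the English says arbitrary code execution, and it adds the qualifier "在加载不受信任的模型时" (when loading an untrusted model) that the English lacks. Since both files are the published policy, align them so readers of either language get the same warning and the same scope. Stylistically, "请永远在沙箱中" is unidiomatic; "请务必在沙箱中" is the usual phrasing for "always".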