security : add note about RPC and server functionality #13061

Merged
merged 2 commits into from
Apr 22, 2025

ggerganov
Member

We are generally aware that the RPC backend and rpc-server are vulnerable to all sorts of attack vectors. At some point we added a notice in the README to avoid usage of the RPC functionality in sensitive environments: https://github.com/ggml-org/llama.cpp/tree/master/examples/rpc

However, we keep receiving security advisories about the RPC backend that we don't have the capacity to act upon privately. It makes more sense for the time being to resolve such vulnerabilities publicly, so that the community can help in the process.

With this change to the security policy, we categorize such issues as known vulnerabilities and recommend skipping the advisory process. My suggestion is for this to be in effect until we feel more confident about the security of the RPC implementation.

@ggerganov ggerganov requested review from rgerganov and slaren April 22, 2025 09:04
@ngxson
Collaborator

ngxson commented Apr 22, 2025

Maybe it's also worth printing a line on rpc-server saying "Do not expose rpc-server to an untrusted or public network"

@rgerganov
Collaborator

> Maybe it's also worth printing a line on rpc-server saying "Do not expose rpc-server to an untrusted or public network"

we already do this: https://github.com/ggml-org/llama.cpp/blob/master/examples/rpc/rpc-server.cpp#L268-L276

Member

@slaren slaren left a comment

I would add the same note about the llama-server.

@ggerganov ggerganov changed the title security : add note about RPC functionality security : add note about RPC and server functionality Apr 22, 2025
@ggerganov ggerganov merged commit ab47dec into master Apr 22, 2025
2 checks passed
@ggerganov ggerganov deleted the gg/security-update branch April 22, 2025 13:16
pockers21 pushed a commit to pockers21/llama.cpp that referenced this pull request Apr 28, 2025
* security : add note about RPC functionality

* security : add note about llama-server