Skip to content

[DOCS] Update document to include security model of RPC server #17377

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 17, 2024
Merged

[DOCS] Update document to include security model of RPC server #17377

merged 2 commits into from
Sep 17, 2024

Conversation

@tqchen
Copy link
Member

@tqchen tqchen commented Sep 16, 2024

This PR update the documents to include the security model of the RPC server.

@tqchen
[DOCS] Update document to include security model of RPC server
d90022c 
This PR update the documents to include the security model
of the RPC server.
raboof
raboof reviewed Sep 16, 2024
View reviewed changes
docs/reference/security.rst Outdated
Comment on lines 43 to 44
TVM RPC server assumes that the user is trusted and needs to be used in a trusted network environment
and encrypted channels. It allows writings of arbitrary files into the server for benchmarking purposes.
Copy link
Member

@raboof raboof Sep 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like a good addition. Perhaps to make it really clear to users we should also mention that writing arbitrary files typically also leads to full remote code execution capabilities to anyone who can access this API?

Copy link
Member Author

@tqchen tqchen Sep 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great suggestion, just updated to include explicit discussion about RCE

@MasterJH5574 MasterJH5574 merged commit 4692b95 into apache:main Sep 17, 2024
@ysh329 ysh329 mentioned this pull request Oct 16, 2024
Closed
@kurisu6912 kurisu6912 mentioned this pull request Sep 5, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MasterJH5574 MasterJH5574 MasterJH5574 approved these changes

+1 more reviewer

@raboof raboof raboof left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tqchen @raboof @MasterJH5574