Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

security : add note about RPC and server functionality#13061

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
ggerganov merged 2 commits intomasterfromgg/security-update
Apr 22, 2025

Conversation

@ggerganov
Copy link
Member

We are generally aware that the RPC backend andrpc-server are vulnerable to all sorts of attack vectors. At some point we added a notice in the README to avoid usage of the RPC functionality in sensitive environments:https://github.com/ggml-org/llama.cpp/tree/master/examples/rpc

However, we keep receiving security advisories about the RPC backend that we don't have the capacity to act upon privately. It makes more sense for the time being to resolve such vulnerabilities publicly, so that the community can help in the process.

With this change to the security policy, we categorize such issues as known vulnerabilities and recommend to skip the advisory process. My suggestion is this to be in effect until we feel more confident about the security of the RPC implementation.

segmond, Green-Sky, and struct reacted with thumbs up emoji
@ngxson
Copy link
Collaborator

ngxson commentedApr 22, 2025
edited
Loading

Maybe it also worth printing a line onrpc-server sayingDo not expose rpc-server to an untrusted or public network

@rgerganov
Copy link
Collaborator

Maybe it also worth printing a line onrpc-server sayingDo not expose rpc-server to an untrusted or public network

we already do this:https://github.com/ggml-org/llama.cpp/blob/master/examples/rpc/rpc-server.cpp#L268-L276

ngxson reacted with thumbs up emoji

Copy link
Member

@slarenslaren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

I would add the same note about the llama-server.

ggerganov and segmond reacted with thumbs up emoji
@ggerganovggerganov changed the titlesecurity : add note about RPC functionalitysecurity : add note about RPC and server functionalityApr 22, 2025
@ggerganovggerganov merged commitab47dec intomasterApr 22, 2025
2 checks passed
@ggerganovggerganov deleted the gg/security-update branchApril 22, 2025 13:16
pockers21 pushed a commit to pockers21/llama.cpp that referenced this pull requestApr 28, 2025
* security : add note about RPC functionality* security : add note about llama-server
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@rgerganovrgerganovrgerganov approved these changes

@slarenslarenslaren approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ggerganov@ngxson@rgerganov@slaren
[8]ページ先頭
©2009-2025 Movatter.jp