The original post: /r/php by /u/gcpwnd on 2024-11-08 14:26:24.
I am frustrated, so the title is a bit rage-baity.
Recently I came to look at a few Python repositories, due to my interest in Stable Diffusion and, in a wider sense, AI/ML.
The first time I felt suffocated was looking at the diffusers library, which seemed to me, at that time, to be the easy entry to programmatically experiment with, or automate, a lot of interesting AI stuff, like Stable Diffusion image generation. But to keep things practical they chose to just download external/optional stuff required at runtime. Maybe you have heard of Python pickle: it serializes code, with all the obvious issues. Which leads to pickletensors (pt), and the naming of their alternative, safetensors, will give you another clue what's going on. These files are common in AI and for example contain whole models, or in lay terms the magical stuff. Safetensors were introduced for the obvious problem that pickletensors will/can execute code. But for what I know, it's an extra step for creators and thus sometimes not supplied. So yes, the diffusers library has built-in RCE. To be clear, this is kind of similar to what we did with , back then, on remote sources. You can disable this feature and download everything manually (which is likely mind-wrecking).
You could argue that a lot of ML enthusiasts are contributing and maybe they are not too concerned with or trained on security, or they have the Zuck mindset: move fast and break things.
But it's a recurring issue: two popular image generation frontends, Automatic1111 and ComfyUI, do download stuff (code) at runtime (the latter, I think, only with extensions/addons). Today I searched NLTK and Google shoved a recent RCE bug into my face. The latter was quite telling, because one person happened to play it down with an apparent lack of security awareness.
I didn't follow all the code repositories and the community closely, so I may make some of them angry. But there is a general lack of security apparently. I can't even imagine how all this could happen with companies using this stuff that may have strict security policies. Also it's a massive nightmare for potential CI/CD.
I somehow want to use some of the libs, but I am not sure I could sleep anymore.
So if next time some Python dev looks down on you for using a terrible language like PHP, keep in mind that they've managed to create a shitty WordPress-level ecosystem, but they happened to have the smartest AI/ML people doing it.
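As an added defender-side example (not code from the post or from any of the projects it names), here is the check a practitioner can run on a downloaded model file before loading it: a static scan of a pickle stream for the opcodes through which `pickle.load()` resolves or calls code, an `Unpickler` that only resolves allow-listed globals, and a reader for the safetensors header, which by design cannot reference code. The sample files are constructed in-process; `RestrictedUnpickler.ALLOWED` and the sample tensor names are assumptions for the demo.

```python
import io
import json
import pickle
import pickletools
import struct

# Opcodes through which pickle.load() resolves or calls arbitrary callables.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def scan_pickle(data: bytes) -> list[str]:
    """Walk the opcode stream statically (nothing is executed) and return
    one entry per risky opcode, e.g. ['GLOBAL json dumps', 'REDUCE']."""
    findings, recent_strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if isinstance(arg, str):                     # remember module/name pushes
            recent_strings = (recent_strings + [arg])[-2:]
        if op.name == "STACK_GLOBAL":                # protocol 4+: module, name on stack
            findings.append("STACK_GLOBAL " + " ".join(recent_strings))
        elif op.name in RISKY_OPS:
            findings.append(op.name if arg is None else f"{op.name} {arg}")
    return findings


class RestrictedUnpickler(pickle.Unpickler):
    """Loader that refuses every global not on an explicit allow-list (assumed list)."""
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def read_safetensors_header(data: bytes) -> dict:
    """Parse only the safetensors header: 8-byte little-endian length, then JSON."""
    (n,) = struct.unpack("<Q", data[:8])
    return json.loads(data[8:8 + n])


# Constructed samples: a plain data pickle, a pickle holding a reference to a
# function (resolved via GLOBAL when loaded), and a minimal safetensors file.
TENSOR_LIKE = pickle.dumps({"weights": [0.1, 0.2], "layer": "conv1"}, protocol=2)
CODE_REF = pickle.dumps(json.dumps, protocol=2)
_hdr = json.dumps({"w": {"dtype": "F32", "shape": [2], "data_offsets": [0, 8]}}).encode()
SAFETENSORS = struct.pack("<Q", len(_hdr)) + _hdr + struct.pack("<2f", 0.1, 0.2)
```

Run `scan_pickle` on a `.pt`/`.ckpt` file before ever calling `torch.load` or `pickle.load` on it; an empty result means no global lookup or call opcode is present, while any `GLOBAL`/`STACK_GLOBAL` entry names exactly what loading would import.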