
[Bug]: The MapDataManager function uses pickle to serialize the data_map.txt file which may lead to security risks. #655

Open
lihao7212148 opened this issue Oct 12, 2024 · 2 comments

Comments

@lihao7212148

lihao7212148 commented Oct 12, 2024

Current Behavior

When MapDataManager is initialized, pickle is called to read the data_map.txt file. If an attacker tampered with the data_map.txt file, this may lead to security risks, and the Python open source community has stated that pickle is an unsafe function.
[image]

gptcache uses pickle in the code below:
[image]

Expected Behavior

Expected: do not use pickle, or verify whether the file content has been tampered with.

Steps To Reproduce

No response

Environment

No response

Anything else?

No response

@SimFG
Collaborator

SimFG commented Oct 12, 2024

That's a good question, could you try to fix that?

@lihao7212148
Author

That's a good question, could you try to fix that?

I tried adding the hmac field in the header of the data_map.txt file to prevent tampering, but this method cannot completely eliminate the risk. An attacker may still forge the same hmac data to bypass verification.
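An added example (not gptcache's code, and the file layout is assumed, not the project's real format) of the two mitigations the thread discusses: the data map is stored as JSON instead of pickle, so loading it cannot execute code, and the file carries an HMAC-SHA256 tag computed with a key kept outside the file, so an on-disk edit or a tag computed without that key is rejected before the contents are used.

```python
import hashlib
import hmac
import json
import os
import tempfile

# Assumed layout: hex HMAC-SHA256 tag, a newline, then the JSON body of the map.

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")

def save_data_map(path: str, data_map: dict, key: bytes) -> None:
    # JSON carries only data; unlike pickle, loading it never runs code.
    body = json.dumps(data_map, sort_keys=True, separators=(",", ":")).encode("utf-8")
    with open(path, "wb") as f:
        f.write(_tag(key, body) + b"\n" + body)

def load_data_map(path: str, key: bytes) -> dict:
    with open(path, "rb") as f:
        raw = f.read()
    tag, sep, body = raw.partition(b"\n")
    if not sep:
        raise ValueError("data_map file is malformed")
    # Constant-time comparison; any change to body or tag fails here.
    if not hmac.compare_digest(tag, _tag(key, body)):
        raise ValueError("data_map integrity check failed; refusing to load")
    return json.loads(body.decode("utf-8"))

def demo() -> dict:
    """Round-trip a constructed map, then check that a wrong key and an edited file are rejected."""
    key = b"constructed-demo-key"  # in practice: env var or secret store, never the file itself
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "data_map.txt")
        save_data_map(path, {"q1": "data_1.bin", "q2": "data_2.bin"}, key)
        loaded = load_data_map(path, key)
        wrong_key_rejected = tampered_rejected = False
        try:
            load_data_map(path, b"some-other-key")
        except ValueError:
            wrong_key_rejected = True
        with open(path, "rb") as f:
            raw = f.read()
        with open(path, "wb") as f:
            f.write(raw.replace(b"data_1.bin", b"evil_1.bin"))  # simulate an on-disk edit
        try:
            load_data_map(path, key)
        except ValueError:
            tampered_rejected = True
    return {"loaded": loaded, "wrong_key_rejected": wrong_key_rejected,
            "tampered_rejected": tampered_rejected}
```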
