Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS] Update document to include security model of RPC server #17377

Merged
merged 2 commits into from
Sep 17, 2024
Merged

[DOCS] Update document to include security model of RPC server #17377

merged 2 commits into from
Sep 17, 2024

Conversation

tqchen
Copy link
Member

@tqchen tqchen commented Sep 16, 2024

This PR update the documents to include the security model of the RPC server.

@tqchen
[DOCS] Update document to include security model of RPC server
d90022c 
This PR update the documents to include the security model
of the RPC server.
raboof
raboof reviewed Sep 16, 2024
View reviewed changes
docs/reference/security.rst Outdated
Comment on lines 43 to 44
TVM RPC server assumes that the user is trusted and needs to be used in a trusted network environment
and encrypted channels. It allows writings of arbitrary files into the server for benchmarking purposes.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems like a good addition. Perhaps to make it really clear to users we should also mention that writing arbitrary files typically also leads to full remote code execution capabilities to anyone who can access this API?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

great suggestion, just updated to include explicit discussion about RCE

@MasterJH5574 MasterJH5574 merged commit 4692b95 into apache:main Sep 17, 2024
19 of 20 checks passed
@ysh329 ysh329 mentioned this pull request Oct 16, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raboof raboof raboof left review comments

@MasterJH5574 MasterJH5574 MasterJH5574 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tqchen @raboof @MasterJH5574