Submitted by unofficialmerve t3_zd3n8s in MachineLearning
acamara t1_iz0ziae wrote
Reply to comment by Massive_bull_worm in [P] Save your sklearn models securely using skops by unofficialmerve
Pickle objects can be (almost) anything. Including arbitrary code.
Now, imagine a bad actor claiming to be publishing a SOTA Random Forests model. However, embedded in their .pkl file is a statement like `import shutils; shutils.rmtree("./");`.
Pickle will happily execute this code. There is nothing checking whether or not the pickle file is safe or not.
P.S. of course the syntax is not that simple, but I hope you get it (and I'm on mobile, yada yada...)
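The mechanism acamara describes, as an added example that is not from this thread or from skops: stock `pickle.loads` calls whatever the payload names, while a `find_class` allowlist (the pattern from the Python `pickle` docs) refuses it, and `pickletools` lists the referenced globals without executing anything. `PayloadStandIn`, `RestrictedUnpickler`, `referenced_globals` and `demo` are names chosen here; the payload calls `os.getcwd` as a harmless stand-in for the thread's `shutil.rmtree`.

```python
import io
import os
import pickle
import pickletools

class PayloadStandIn:
    """Constructed stand-in for a malicious 'model': __reduce__ makes pickle
    rebuild it by *calling* os.getcwd() (harmless here; the thread's
    shutil.rmtree example uses exactly the same hook)."""
    def __reduce__(self):
        return (os.getcwd, ())

class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only an allowlist of globals (pattern from the Python pickle
    docs); anything else is refused before pickle can call it."""
    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")

def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

def referenced_globals(data: bytes):
    """(module, name) pairs a pickle would import, found by scanning opcodes
    without executing anything. Handles GLOBAL (proto <= 3) and STACK_GLOBAL."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def demo():
    payload = pickle.dumps(PayloadStandIn())  # constructed sample, built in-process
    try:
        restricted_loads(payload)
        refused = False
    except pickle.UnpicklingError:
        refused = True
    return {"globals": referenced_globals(payload),
            "stock_result": pickle.loads(payload),  # os.getcwd() actually ran
            "restricted_refused": refused,
            "plain_dict": restricted_loads(pickle.dumps({"n_estimators": 100}))}
```

Calling `demo()` shows the scanner naming `getcwd` before anything runs, the stock loader returning the working directory because the callable executed, and the restricted loader refusing the same bytes while still loading ordinary data.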
unofficialmerve OP t1_iz12non wrote
this is a good explanation
acamara t1_iz136an wrote
Thanks Merve! (Btw, love your HF notebooks.)