Upload folder using huggingface_hub
README.md
CHANGED
|
@@ -1,9 +1,20 @@
| 1 |
# Benign MessagePack / RLlib Checkpoint Security PoC
|
| 2 |
|
| 3 |
This repository stages a safe proof-of-concept for a MessagePack-based ML checkpoint loading issue. The artifact is a tiny `state.msgpack` file that follows the Ray RLlib checkpoint state-file shape and carries a NumPy object-dtype array encoded through `msgpack-numpy`.
|
| 4 |
|
| 5 |
When decoded through Ray RLlib's `restore_from_path()` MessagePack path, the current `msgpack-numpy` decoder reaches `pickle.loads()` for object-dtype array data. The embedded payload only writes a local marker file named `MSG_PACK_NUMPY_MARKER.txt`.
|
| 6 |
| 7 |
## Files
|
| 8 |
|
| 9 |
- `state.msgpack` - benign PoC checkpoint state file.
| 1 |
+
---
|
| 2 |
+
tags:
|
| 3 |
+
- security
|
| 4 |
+
- msgpack
|
| 5 |
+
- rllib
|
| 6 |
+
- model-format
|
| 7 |
+
license: other
|
| 8 |
+
---
|
| 9 |
+
|
| 10 |
# Benign MessagePack / RLlib Checkpoint Security PoC
|
| 11 |
|
| 12 |
This repository stages a safe proof-of-concept for a MessagePack-based ML checkpoint loading issue. The artifact is a tiny `state.msgpack` file that follows the Ray RLlib checkpoint state-file shape and carries a NumPy object-dtype array encoded through `msgpack-numpy`.
|
| 13 |
|
| 14 |
When decoded through Ray RLlib's `restore_from_path()` MessagePack path, the current `msgpack-numpy` decoder reaches `pickle.loads()` for object-dtype array data. The embedded payload only writes a local marker file named `MSG_PACK_NUMPY_MARKER.txt`.
|
| 15 |
|
| 16 |
+
Public PoC URL: https://huggingface.co/pragnyanramtha/rllib-msgpack-numpy-object-array-ace-poc
|
| 17 |
+
|
| 18 |
## Files
|
| 19 |
|
| 20 |
- `state.msgpack` - benign PoC checkpoint state file.
|
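Review bot: the added front matter (`tags`, `license: other`) and the `Public PoC URL` line add metadata but still leave the README without the two things a reader needs to assess the claim in the second paragraph: the `ray` and `msgpack-numpy` versions the `state.msgpack` file was generated and tested against, and a note that the only observable effect of a decode is the `MSG_PACK_NUMPY_MARKER.txt` file appearing in the working directory, so that is how a reviewer confirms the behaviour without inspecting the pickle payload. Suggest adding a short "Tested versions" line under the URL, and, since `license: other` points nowhere, a sentence naming the license file that defines it; the `## Files` list could also say whether the script that produced `state.msgpack` is kept out of the repository on purpose.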