Arbitrary code execution vulnerability found in TensorFlow; team announces removal of YAML support

> Maintaining TensorFlow is a long and arduous task.

TensorFlow is a large and complex system that depends on many third-party libraries (for example `numpy`, `libjpeg-turbo`, PNG parsers and `protobuf`). TensorFlow or its dependencies may contain vulnerabilities that allow specially crafted input to trigger unexpected or dangerous behaviour.

Recently, because of an arbitrary code execution vulnerability, Google's TensorFlow team announced that it has removed support for YAML.

YAML is a general-purpose format for storing data and passing objects between processes and applications. Many [Python](https://portswigger.net/daily-swig/python) applications use YAML to serialize and deserialize objects.

According to the [advisory on GitHub](https://github.com/advisories/GHSA-r6jx-9g48-2r5r), TensorFlow and Keras (a wrapper library for TensorFlow) used an unsafe function to deserialize YAML-encoded machine learning models.

A proof of concept showed the vulnerability being exploited to return the contents of sensitive system files:

[Image: proof-of-concept screenshot, https://static001.geekbang.org/infoq/62/62c932cbf4d3d1023a70450ef783edca.png]

"Given the amount of work involved in supporting the YAML format, we have removed it for now," the library's maintainers said.

## Unsafe deserialization

"Deserialization vulnerabilities are a large attack surface for code written in languages such as Python, PHP and Java," Arjun Shibu, the security researcher who found the issue, told The Daily Swig.

"I searched TensorFlow for Pickle and PyYAML deserialization patterns and, surprisingly, found a call to the dangerous function yaml.unsafe_load()."

That function loads YAML input directly without sanitizing it, which allows malicious code to be injected into the data.

Unfortunately, unsafe deserialization is widespread.

"Researching further with code search tools such as Grep.app, I found thousands of projects/libraries that deserialize Python objects without validation," Shibu said. "Most of them are machine-learning specific and take user input as a parameter."

## Impact on machine learning applications

Serialization is used very widely in machine learning applications. Training a model is an expensive and slow process, so developers often train starting from pre-trained models, which are stored in YAML or other formats supported by machine learning libraries such as TensorFlow.

"Since ML applications often accept model configurations from users, I expect this vulnerability to be common, which puts a large share of products at risk," Shibu said.

On the YAML vulnerability, Pin-Yu Chen, chief scientist of the RPI-IBM AI Research Collaboration at IBM Research, told The Daily Swig:

"In my view, most [cloud](https://portswigger.net/daily-swig/cloud-security)-based AI/ML services need YAML files to specify their configuration, so I think a great deal of security guidance is needed."

Much of the research on machine learning security focuses on [adversarial attacks](https://portswigger.net/daily-swig/adversarial-attacks-against-machine-learning-systems-everything-you-need-to-know), which modify pieces of the data fed to a machine learning model. But this latest finding is a reminder that, as with every other kind of application, writing code securely is a very important aspect of machine learning.

"Although these attacks do not target the machine learning model itself, they undeniably pose a serious threat to machine learning and require immediate action," Pin-Yu Chen said.

## Machine learning security

Since the beginning of the year, Google has fixed more than 100 security vulnerabilities in TensorFlow. It has also published comprehensive security guidance on running untrusted models, sanitizing untrusted user input, and running models securely over the network.

"These vulnerabilities are easy to find, and vulnerability scanners can help us find them," Shibu said.

"In general, developers should use the safer solution whenever a more secure alternative exists. For example, uses of unsafe_load() or load() with the default YAML loader can be replaced with the safe safe_load() function. If there is no better option, user input needs to be sanitized."

Google has now fixed the vulnerability and published the latest release at the following link:

https://github.com/tensorflow/tensorflow/releases

**References:**

https://portswigger.net/daily-swig/deserialization-bug-in-tensorflow-machine-learning-framework-allowed-arbitrary-code-execution

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
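As an added example (not code from the article, TensorFlow or Keras), the following Python shows the two defensive checks the article points at: a pre-load guard that refuses Python-specific tags in a YAML model config before handing it to yaml.safe_load(), and a small scanner for the yaml.unsafe_load() / default-loader yaml.load() call patterns Shibu searched for. The model configs, the source snippet and the `!!python/tuple` tag are constructed sample inputs, and the scanner is a deliberately simple regex rather than a substitute for a real SAST tool.

```python
import re
from typing import List

# Python-specific YAML tags: yaml.unsafe_load() honours them, yaml.safe_load() refuses them.
PYTHON_TAG = re.compile(r"!!python/[A-Za-z0-9_/.:]*")
# Calls the article names: yaml.unsafe_load(), and yaml.load() relying on the default Loader.
UNSAFE_CALL = re.compile(r"\byaml\.(unsafe_load|load)\s*\(")

# Constructed sample configs; !!python/tuple is a harmless stand-in for the tags safe_load rejects.
MODEL_CONFIG_TAGGED = """\
class_name: Sequential
config:
  input_shape: !!python/tuple [28, 28, 1]
"""
MODEL_CONFIG_CLEAN = """\
class_name: Sequential
config:
  layers: [{class_name: Dense, config: {units: 10}}]
"""
# Constructed sample source to scan; only lines 2 and 3 are unsafe.
SAMPLE_SOURCE = """\
import yaml
cfg = yaml.unsafe_load(open(path))
cfg = yaml.load(open(path))
cfg = yaml.load(open(path), Loader=yaml.SafeLoader)
cfg = yaml.safe_load(open(path))
"""

def python_tags_in(yaml_text: str) -> List[str]:
    """Return every Python-specific tag present in a YAML document."""
    return PYTHON_TAG.findall(yaml_text)

def unsafe_yaml_calls(source: str) -> List[int]:
    """1-based line numbers of yaml.unsafe_load() calls and yaml.load() calls without SafeLoader."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = UNSAFE_CALL.search(line)
        if m and (m.group(1) == "unsafe_load" or "SafeLoader" not in line):
            hits.append(lineno)
    return hits

def load_model_config(yaml_text: str) -> dict:
    """Refuse Python-specific tags up front, then parse with yaml.safe_load() (which would
    itself raise ConstructorError on such tags; the pre-check just gives a clearer error)."""
    tags = python_tags_in(yaml_text)
    if tags:
        raise ValueError(f"refusing YAML config with Python-specific tags: {tags}")
    import yaml  # PyYAML; imported lazily so the scanners above stay standard-library only
    return yaml.safe_load(yaml_text)
```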