Disabling --trust-remote-code in vLLM
Overview
The --trust-remote-code parameter in vLLM allows execution of custom code when loading models from Hugging Face Hub. This feature enables support for cutting-edge models with custom architectures and implementations, providing flexibility for the latest AI research and development. However, Koalavault has disabled this feature due to significant security concerns.
How --trust-remote-code Works
When enabled, --trust-remote-code allows vLLM to:
- Execute custom code bundled with models from Hugging Face Hub (if the referenced code is already present in the model directory, the code in that directory is used directly)
- Load model-specific tokenizers, processors, or configuration classes
- Use custom implementations provided by model authors
Security Vulnerability
The primary security risk involves malicious users who can:
- Modify model configurations: Even if the original model doesn't require trust_remote_code, malicious users can modify the config.json file
- Enable remote code execution: By setting trust_remote_code=True in the modified config
- Execute arbitrary code: vLLM will automatically load and execute custom code
- Extract model weights: Malicious code can potentially export model weights or access sensitive data
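The checks below are an added example written for this page; they are not Koalavault's or vLLM's own code. They show the kind of pre-load audit a platform can run on a model directory while --trust-remote-code is disabled: flag the config.json markers that make transformers import model-specific Python (the auto_map table, plus the trust_remote_code key named in the scenario above), flag any bundled .py files, and compare config.json against a pinned SHA-256 so a modified config is caught before the model is handed to vLLM. The directory layout, the pinned hash and the sample files are constructed for the demo.

```python
"""Pre-load audit of a Hugging Face model directory for remote-code indicators.

Added example, not Koalavault's or vLLM's code. All sample data is constructed.
"""
import hashlib
import json
import os
import tempfile

# config.json keys that point at model-specific Python. "auto_map" is how
# transformers locates custom AutoConfig/AutoModel classes; "trust_remote_code"
# is the key named in the tampering scenario above.
REMOTE_CODE_KEYS = ("auto_map", "trust_remote_code")


def audit_model_dir(model_dir, expected_config_sha256=None):
    """Inspect a model directory and report whether loading it would run custom code.

    Returns a dict with:
      requires_remote_code: True if a code-loading indicator was found
      config_sha256_ok:     True/False when a pin was supplied, else None
      allow_load:           True only if no indicator and the pin (if any) matches
      findings:             human-readable reasons for the decision
    """
    findings = []
    config_path = os.path.join(model_dir, "config.json")
    with open(config_path, "rb") as fh:
        raw = fh.read()

    # Integrity pin: a modified config.json fails here even before parsing.
    config_ok = None
    if expected_config_sha256 is not None:
        config_ok = hashlib.sha256(raw).hexdigest() == expected_config_sha256
        if not config_ok:
            findings.append("config.json does not match the pinned SHA-256")

    code_indicators = []
    config = json.loads(raw)
    for key in REMOTE_CODE_KEYS:
        if config.get(key):
            code_indicators.append(f"config.json sets {key!r}: {config[key]!r}")

    # tokenizer_config.json can carry its own auto_map for a custom tokenizer.
    tok_path = os.path.join(model_dir, "tokenizer_config.json")
    if os.path.exists(tok_path):
        with open(tok_path) as fh:
            if json.load(fh).get("auto_map"):
                code_indicators.append("tokenizer_config.json sets 'auto_map'")

    # Any Python file shipped next to the weights is code that would run in-process.
    for name in sorted(os.listdir(model_dir)):
        if name.endswith(".py"):
            code_indicators.append(f"bundled Python file: {name}")

    findings.extend(code_indicators)
    requires_remote_code = bool(code_indicators)
    return {
        "requires_remote_code": requires_remote_code,
        "config_sha256_ok": config_ok,
        "allow_load": (not requires_remote_code) and config_ok is not False,
        "findings": findings,
    }


def build_sample_dir(root, tampered):
    """Create a minimal constructed model directory (no real weights)."""
    os.makedirs(root)
    config = {"architectures": ["LlamaForCausalLM"], "model_type": "llama"}
    if tampered:
        # The modification described above: point the loader at custom code.
        config["auto_map"] = {"AutoModelForCausalLM": "modeling_custom.CustomForCausalLM"}
        config["trust_remote_code"] = True
        with open(os.path.join(root, "modeling_custom.py"), "w") as fh:
            fh.write("# custom model code would live here (constructed sample)\n")
    with open(os.path.join(root, "config.json"), "w") as fh:
        json.dump(config, fh, sort_keys=True)
    return root


def demo():
    """Audit a clean and a tampered sample directory against the clean config's pin."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = build_sample_dir(os.path.join(tmp, "clean"), tampered=False)
        with open(os.path.join(clean, "config.json"), "rb") as fh:
            pin = hashlib.sha256(fh.read()).hexdigest()
        tampered = build_sample_dir(os.path.join(tmp, "tampered"), tampered=True)
        return {
            "clean": audit_model_dir(clean, expected_config_sha256=pin),
            "tampered": audit_model_dir(tampered, expected_config_sha256=pin),
        }


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, "allow_load =", report["allow_load"])
        for line in report["findings"]:
            print("   ", line)
```

The hash pin and the key scan are deliberately independent: the pin catches any edit to config.json once a model has been reviewed, while the key and .py scan still refuses a directory that was never pinned but would pull custom code into the vLLM process.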
Current Status
Koalavault has disabled --trust-remote-code functionality.
As a result, only models that do not require trust_remote_code can be deployed on our platform.
Future Plans
We are planning to implement enhanced security measures:
- Config validation: Verify the integrity of config.json files
- Custom code verification: Implement validation mechanisms for custom code
- Secure execution environment: Create sandboxed environments for safe code execution
Community Feedback
If you require --trust-remote-code functionality, please:
- Create an issue on our GitHub repository
- Describe your specific use case and requirements
- We will adjust feature priorities based on community feedback
Related Resources
Last updated: December 2024