Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Command injection and Path traversal security fixes #888

Merged
merged 7 commits into from Feb 9, 2023
Merged

Command injection and Path traversal security fixes #888

merged 7 commits into from Feb 9, 2023

Conversation

glenn-jocher
Copy link
Member

@glenn-jocher glenn-jocher commented Feb 9, 2023
edited by UltralyticsAssistant

πŸ› οΈ PR Summary

Made with ❀️ by Ultralytics Actions

🌟 Summary

Enhanced security and reliability in distributed training setup.

πŸ“Š Key Changes

  • Hashing function switched from MD5 to SHA256 for file integrity checking.
  • Distributed training command generation now avoids security vulnerabilities.
  • Temporary files created during distributed training are cleaned up more reliably.
  • Introduced compatibility with torch.distributed.run for PyTorch 1.9.

🎯 Purpose & Impact

  • πŸ”’ Increased Security: By upgrading to SHA256, the codebase benefits from a more secure method of hashing, reducing vulnerability to hash collision attacks.
  • πŸ› οΈ Improved Reliability: Generating a proper file for distributed training and cleaning up temporary files prevent potential issues that could arise from improper handling of resources during the training process.
  • 🀝 Compatibility and Flexibility: Ensuring support for PyTorch's torch.distributed.run method provides better compatibility with newer versions of PyTorch, future-proofing the project.
  • πŸš€ Potential Impact: Users of Ultralytics can expect a more robust training environment, especially when training models in distributed settings across multiple machines or GPUs.

@glenn-jocher glenn-jocher self-assigned this Feb 9, 2023
@glenn-jocher glenn-jocher merged commit a5a3ce8 into main Feb 9, 2023
@glenn-jocher glenn-jocher deleted the security branch February 9, 2023 09:27
geoffrey-g-delhomme pushed a commit to geoffrey-g-delhomme/ultralytics that referenced this pull request Apr 18, 2023
@glenn-jocher @pre-commit-ci @geoffrey-g-delhomme
Command injection and Path traversal security fixes (ultralytics#888)
d1c8436 
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
geoffrey-g-delhomme pushed a commit to geoffrey-g-delhomme/ultralytics that referenced this pull request Apr 18, 2023
@glenn-jocher @pre-commit-ci @geoffrey-g-delhomme
Command injection and Path traversal security fixes (ultralytics#888)
2dbf650 
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
0iui0 pushed a commit to 0iui0/ultralytics that referenced this pull request Jan 3, 2024
@glenn-jocher @pre-commit-ci
Command injection and Path traversal security fixes (ultralytics#888)
ffe79fd 
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@glenn-jocher glenn-jocher

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@glenn-jocher