@russellb russellb commented May 2, 2025

A recent PR, #15988, improved StatelessProcessGroup to ensure the
torch.distributed TCPStore uses the specified IP address instead of
binding to all interfaces. Upon closer inspection, this is quite
important, as the way vllm is using this TCPStore includes pickled data,
so malicious access to the TCPStore would allow remote code execution on
a vllm host.

Update some places throughout the code base to reflect the importance of
specifying a secured IP address for use with this interface.

Finally, fix a couple places in tests to explicitly use localhost
instead of the IP we find that's (probably) the one used for the host's
default route. Otherwise, a host running these tests is briefly
vulnerable on the IP address chosen.

Signed-off-by: Russell Bryant <rbryant@redhat.com>
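
The concern in the description above, expressed as a pre-flight check on the address a store is about to listen on. This is an added example, not code from the PR, vLLM or PyTorch. The names `classify_bind_host`, `open_listener` and `UnsafeBindAddress` are hypothetical, and the policy (accept loopback and private-range literals, reject the wildcard and anything else) is an assumption standing in for "a secured IP address".

```python
import ipaddress
import socket


class UnsafeBindAddress(ValueError):
    """The requested address would expose the store too widely."""


def classify_bind_host(host: str) -> str:
    """Return 'loopback' or 'private'; raise for anything broader.

    Assumed policy: only IP literals and the name 'localhost' are accepted,
    so the decision never depends on a DNS answer.
    """
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raise UnsafeBindAddress(f"{host!r} is not an IP literal") from None
    # Judge ::ffff:a.b.c.d by the IPv4 address it carries.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    if ip.is_unspecified:  # 0.0.0.0 or :: listens on every interface
        raise UnsafeBindAddress(f"{host} binds to all interfaces")
    if ip.is_loopback:
        return "loopback"
    if ip.is_private and not ip.is_link_local:
        return "private"
    raise UnsafeBindAddress(f"{host} is not a loopback or private address")


def open_listener(host: str, port: int = 0) -> socket.socket:
    """Bind a TCP listener only after the host passes the check."""
    classify_bind_host(host)
    bind_host = "127.0.0.1" if host == "localhost" else host
    family = socket.AF_INET6 if ":" in bind_host else socket.AF_INET
    sock = socket.socket(family, socket.SOCK_STREAM)
    try:
        sock.bind((bind_host, port))
        sock.listen()
    except OSError:
        sock.close()
        raise
    return sock
```

A private-range address is only a proxy for a trusted network; the check narrows exposure but does not authenticate peers.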

@russellb russellb requested a review from youkaichao as a code owner May 2, 2025 14:55
github-actions bot commented May 2, 2025

👋 Hi! Thank you for contributing to the vLLM project.

💬 Join our developer Slack at https://slack.vllm.ai to discuss your PR in #pr-reviews, coordinate on features in #feat- channels, or join special interest groups in #sig- channels.

Just a reminder: PRs would not trigger full CI run by default. Instead, it would only run fastcheck CI which starts running only a small and essential subset of CI tests to quickly catch errors. You can run other CI tests on top of those by going to your fastcheck build on Buildkite UI (linked in the PR checks section) and unblock them. If you do not have permission to unblock, ping simon-mo or khluu to add you in our Buildkite org.

Once the PR is approved and ready to go, your PR reviewer(s) can run CI to test the changes comprehensively before merging.

To run CI, PR reviewers can either: Add ready label to the PR or enable auto-merge.

🚀

@mergify mergify bot added the documentation Improvements or additions to documentation label May 2, 2025
@russellb russellb requested a review from njhill May 2, 2025 14:57
@russellb russellb force-pushed the statelessprocessgroup-security branch from f320c43 to 3e3ac95 Compare May 2, 2025 16:49
@simon-mo simon-mo added the ready ONLY add when PR is ready to merge/full CI is needed label May 12, 2025
@simon-mo simon-mo enabled auto-merge (squash) May 12, 2025 18:26
@russellb russellb force-pushed the statelessprocessgroup-security branch from 3e3ac95 to ba86dd6 Compare May 13, 2025 12:17
@russellb russellb force-pushed the statelessprocessgroup-security branch from ba86dd6 to f81e8b9 Compare June 6, 2025 15:16
@russellb russellb force-pushed the statelessprocessgroup-security branch from f81e8b9 to 595e1d7 Compare June 14, 2025 16:50
mergify bot commented Aug 1, 2025

This pull request has merge conflicts that must be resolved before it can be
merged. Please rebase the PR, @russellb.

https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/syncing-a-fork

@mergify mergify bot added the needs-rebase label Aug 1, 2025
@russellb russellb force-pushed the statelessprocessgroup-security branch from 595e1d7 to 90a22fa Compare August 5, 2025 18:33
@mergify mergify bot removed the needs-rebase label Aug 5, 2025
github-actions bot commented Nov 4, 2025

This pull request has been automatically marked as stale because it has not had any activity within 90 days. It will be automatically closed if no further activity occurs within 30 days. Leave a comment if you feel this pull request should remain open. Thank you!

@github-actions github-actions bot added the stale Over 90 days of inactivity label Nov 4, 2025