InstructLab Remote Code Execution Vulnerability via Malicious HuggingFace Models
Vulnerability
A remote code execution vulnerability exists in InstructLab, specifically within the 'linux_train.py' script, which improperly hardcodes 'trust_remote_code=True' when loading models from HuggingFace. This flaw allows remote attackers to execute arbitrary Python code by persuading users to run 'ilab train/download/generate' with a malicious model sourced from the HuggingFace Hub. The vulnerability could lead to complete system compromise.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system, potentially leading to a full system compromise.
Reproduction
To reproduce this vulnerability, a user must have a free HuggingFace account and access to InstructLab. The vulnerability can be triggered by running the 'ilab train/download/generate' command with a model that has been crafted to include malicious code. The 'linux_train.py' script will execute the harmful code due to the 'trust_remote_code=True' setting, allowing the attacker to execute arbitrary Python code on the user's system.
Remediation
Users are advised to only use models from trusted sources when working with InstructLab. It is important to review the origin and integrity of any HuggingFace model before using it with the 'ilab train/download/generate' command. Consider executing InstructLab commands in a sandboxed or isolated environment to mitigate the risks of running untrusted code.
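One way to turn the remediation above into an enforced check, rather than a hardcoded 'trust_remote_code=True', is to inspect a downloaded model snapshot before loading it and only enable remote-code execution for repositories an operator has explicitly reviewed. The following Python example is added here and is not InstructLab's code or part of the advisory. It relies on the fact that HuggingFace models carrying custom code declare it through an 'auto_map' entry in config.json and ship the referenced '*.py' modules in the repository; the repository ids, the allowlist name 'TRUSTED_REMOTE_CODE_REPOS', and the sample snapshot contents are constructed for illustration.

```python
"""Pre-flight gate for Hugging Face model loading (added example, not InstructLab code).

Assumes the model has already been downloaded to a local snapshot directory
(e.g. by huggingface_hub.snapshot_download) and that an operator maintains an
allowlist of repositories whose custom code has been reviewed.
"""
import json
import tempfile
from pathlib import Path

# Hypothetical allowlist of repos permitted to run custom code (constructed).
TRUSTED_REMOTE_CODE_REPOS = frozenset({"example-org/reviewed-model"})


def find_remote_code(snapshot_dir):
    """Return a list of custom-code references found in a model snapshot.

    Custom code is advertised by an 'auto_map' block in config.json (mapping an
    Auto* class to a module.Class in the repo) and by .py files in the snapshot.
    Either one means trust_remote_code=True would execute code from the model.
    """
    snapshot = Path(snapshot_dir)
    findings = []
    config_path = snapshot / "config.json"
    if config_path.is_file():
        with open(config_path, encoding="utf-8") as fh:
            config = json.load(fh)
        for auto_cls, target in (config.get("auto_map") or {}).items():
            findings.append(f"config.json auto_map {auto_cls} -> {target}")
    for py_file in sorted(snapshot.rglob("*.py")):
        findings.append(f"python file {py_file.relative_to(snapshot)}")
    return findings


def trust_remote_code_for(repo_id, snapshot_dir, allowlist=TRUSTED_REMOTE_CODE_REPOS):
    """Decide the trust_remote_code value to pass to from_pretrained().

    Returns (trust_remote_code, findings). Plain-weights models get False (the
    library default, no code execution). Models that need custom code are only
    allowed if the repo is allowlisted; otherwise loading is refused outright
    instead of silently flipping the flag to True.
    """
    findings = find_remote_code(snapshot_dir)
    if not findings:
        return False, findings
    if repo_id in allowlist:
        return True, findings
    raise PermissionError(
        f"{repo_id} ships custom code ({len(findings)} item(s)) and is not "
        "allowlisted; refusing to load it with trust_remote_code=True"
    )


def build_sample_snapshot(custom_code):
    """Create a constructed model snapshot in a temp dir for demonstration/tests."""
    root = Path(tempfile.mkdtemp(prefix="hf-snapshot-"))
    config = {"model_type": "llama", "hidden_size": 16}
    if custom_code:
        # This is exactly what a repo needing trust_remote_code=True looks like.
        config["auto_map"] = {"AutoModelForCausalLM": "modeling_custom.CustomForCausalLM"}
        (root / "modeling_custom.py").write_text("# constructed placeholder module\n")
    (root / "config.json").write_text(json.dumps(config))
    return str(root)


if __name__ == "__main__":
    for repo, has_code in [("example-org/plain-model", False),
                           ("example-org/reviewed-model", True),
                           ("unknown-user/unreviewed-model", True)]:
        try:
            trust, found = trust_remote_code_for(repo, build_sample_snapshot(has_code))
            print(f"{repo}: trust_remote_code={trust}, findings={found}")
            # model = AutoModelForCausalLM.from_pretrained(path, trust_remote_code=trust)
        except PermissionError as err:
            print(f"{repo}: REFUSED ({err})")
```

The value returned by trust_remote_code_for() is what should be handed to from_pretrained() in place of a hardcoded True; a refusal surfaces as an error before any model code runs, which is the point at which an 'ilab train/download/generate' invocation with an unreviewed model should stop.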