[fix]rpyc pickle

[SangChengC]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @SangChengC, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a potential serialization issue in the RPyC communication layer by explicitly configuring the ThreadedServer to allow pickle serialization. This ensures that Python objects can be correctly transmitted and received, which is essential for the embed_cache manager's functionality.

Highlights

• RPyC Configuration: Enabled pickle serialization for the RPyC ThreadedServer by adding protocol_config={"allow_pickle": True} to its initialization. This is crucial for allowing complex Python objects to be passed between the client and server.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request fixes an issue with rpyc serialization by enabling pickle support. While this change restores functionality, it introduces a critical security vulnerability. My review focuses on highlighting this risk and suggesting mitigations to secure the service.

[gemini-code-assist]

Enabling allow_pickle is necessary for rpyc.utils.classic.obtain to work, but it introduces a major security vulnerability. An attacker who can connect to this RPyC port can achieve Remote Code Execution (RCE) by sending a malicious pickled object.

The ThreadedServer defaults to listening on all interfaces (0.0.0.0), which could expose this port to a wider network than intended.

To mitigate this risk, consider the following:

• Bind to localhost: If this cache manager is only used by processes on the same machine, explicitly bind the server to localhost. This would significantly reduce the attack surface.
• Network Security: If the server must be accessible over the network, ensure that it runs in a trusted network environment and that access to this port is strictly controlled by firewalls.

Given the high risk, binding to localhost is strongly recommended if the architecture permits.

t = ThreadedServer(service, port=port, hostname="127.0.0.1", protocol_config={"allow_pickle": True})