Description
🐛 Describe the bug
#31875 was closed by adding a warning to the documentation of load.
This is unhelpful because by the time you come to load the model, it's too late. Your choice is either run the binary blob or... not use the model at all.
I would like to suggest moving to a default serialization format which does not rely on arbitrary code execution. Ideally the format would also be based on some standard so that it could be easily read by other tools.
A load_insecure() function could be retained for backwards compatibility with older models, but the important thing is that new models be saved to a safer format by default.
I did notice that the docs for torch.save() mention a new "zip-file based serialization format". However, it is not documented whether this new format is also vulnerable to RCE. Furthermore, there doesn't appear to be an option in pytorch.load() to reject the older, definitely insecure format.
Versions
N/A
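Editor's added example, not code from the issue author or from PyTorch: torch.load is built on Python's pickle module, and the script below shows in plain pickle why that means "run the binary blob": a `__reduce__` hook makes the stream call `builtins.exec` at load time. It then shows the three controls the issue is asking for, under illustrative names (`pickle_globals`, `RestrictedUnpickler`, `safe_load`, `allow_legacy`, all assumed, not torch APIs): a static scan of the globals a stream imports, an allowlisting unpickler, and a loader that rejects a raw-pickle file unless the caller opts in. The "zip archive containing data.pkl" layout is a simplified stand-in for a zip-based checkpoint and is an assumption of this example; the point it makes is that wrapping a pickle in a zip does not remove the pickle, so the unpickler still has to be restricted.

```python
"""Added example (not PyTorch code): pickle-based model loading and how to
restrict it.  The zip layout (an entry named data.pkl) is an assumed,
simplified stand-in for a zip-based checkpoint."""
import collections
import io
import os
import pickle
import pickletools
import zipfile

# Constructed sample "weights": lists of floats stand in for tensors.
BENIGN_STATE = collections.OrderedDict(
    [("fc.weight", [0.1, -0.2, 0.3]), ("fc.bias", [0.0])]
)


class Payload:
    """Object whose pickle calls builtins.exec during load.  A real payload
    would call os.system or similar; exec is used so the effect is observable
    in-process (it sets an environment variable)."""

    def __reduce__(self):
        return (exec, ("import os; os.environ['PWNED_BY_PICKLE'] = 'yes'",))


def attacker_marker():
    """Returns the environment variable the payload sets, or None."""
    return os.environ.get("PWNED_BY_PICKLE")


def raw_pickle(obj):
    """Legacy-style blob: the whole file is a single pickle stream."""
    return pickle.dumps(obj, protocol=4)


def zip_checkpoint(obj):
    """Zip-style blob: the pickle lives in an entry named data.pkl (assumed layout)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/data.pkl", pickle.dumps(obj, protocol=4))
    return buf.getvalue()


def unsafe_load(blob):
    """What a plain pickle.loads-based loader does: executes whatever the stream says."""
    return pickle.loads(blob)


def pickle_globals(data):
    """Static scan: the (module, name) pairs a stream imports, without executing it.
    Handles GLOBAL (protocol <= 3) and STACK_GLOBAL (protocol >= 4).  A crafted
    stream can hide names behind memo references, so treat this as triage."""
    found, recent = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            found.append((recent[-2], recent[-1]))
        elif isinstance(arg, str):
            recent.append(arg)
    return found


ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every global not on the allowlist, so exec/os.system/etc. are
    unreachable; plain containers and numbers need no globals at all."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(blob, allow_legacy=False):
    """Loader with a reject-legacy switch: raw-pickle blobs are refused unless
    allow_legacy is set, and the embedded pickle is always allowlisted."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            name = next(n for n in zf.namelist() if n.endswith("data.pkl"))
            data = zf.read(name)
    elif allow_legacy:
        data = blob
    else:
        raise ValueError("legacy raw-pickle checkpoint rejected; pass allow_legacy=True")
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    evil = raw_pickle(Payload())
    print("globals imported by payload:", pickle_globals(evil))
    print("unsafe_load returned:", unsafe_load(evil), "marker:", attacker_marker())
    for blob in (evil, zip_checkpoint(Payload())):
        try:
            safe_load(blob, allow_legacy=True)
        except pickle.UnpicklingError as e:
            print("safe_load refused:", e)
    print("benign zip checkpoint:", safe_load(zip_checkpoint(BENIGN_STATE)))
```

Running it shows that `unsafe_load` returns `None` (the result of `exec`) and the marker is set, while `safe_load` raises before any attacker-controlled global is resolved, for both the raw and the zip-wrapped payload. The scan in `pickle_globals` is useful for triaging a checkpoint before loading, but the allowlisting `find_class` is the actual control: it is the only place where every import the stream requests has to pass.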