Implementation:Trailofbits Fickling Deactivate Safe ML Environment
| Knowledge Sources | |
|---|---|
| Domains | Security, Runtime_Patching |
| Last Updated | 2026-02-14 14:00 GMT |
Overview
Fickling library function that deactivates the safe ML environment by restoring the pickle entry points that activation monkey-patched to their original implementations.
Description
deactivate_safe_ml_environment (an alias of remove_hook, the counterpart of activate_safe_ml_environment) restores all six monkey-patched pickle entry points to their original pre-hook values: pickle.load, _pickle.load, pickle.loads, _pickle.loads, pickle.Unpickler, and _pickle.Unpickler. Patching both pickle and _pickle matters because on CPython the public pickle names are re-exports of the C accelerator module, so a caller that reaches _pickle directly would otherwise bypass the hook.
Usage
Call this function once all protected model loading is complete and normal pickle behavior should be restored. It pairs with activate_safe_ml_environment; call it only after a matching activation. Because activation and deactivation assign attributes on the pickle and _pickle modules, the effect is process-wide (every thread sees the same state), and only call-time lookups such as pickle.loads(...) are affected: code that bound a reference before activation (for example `from pickle import loads`) was never protected, and code that bound the patched function before deactivation keeps calling the safe version afterwards. Wrap the loading step in try/finally so deactivation runs even when a load raises; otherwise a failed load leaves the process permanently hooked.
Code Reference
Source Location
- Repository: fickling
- File: fickling/hook.py
- Lines: L75-86
Signature
def remove_hook() -> None:
"""Restore original pickle functions and classes"""
# Alias
deactivate_safe_ml_environment = remove_hook
Import
from fickling.hook import deactivate_safe_ml_environment
I/O Contract
Inputs
| Name | Type | Required | Description |
|---|---|---|---|
| (none) | — | — | No parameters required |
Outputs
| Name | Type | Description |
|---|---|---|
| (return) | None | No return value |
| Side effect | Module restore | Restores pickle.load, _pickle.load, pickle.loads, _pickle.loads, pickle.Unpickler, _pickle.Unpickler to their original values |
Usage Examples
Paired Activation and Deactivation
from fickling.hook import activate_safe_ml_environment, deactivate_safe_ml_environment
import torch

# Activate protection: pickle.load/loads/Unpickler (and the _pickle equivalents) now go through fickling
activate_safe_ml_environment()
try:
    # Load models safely; torch.load resolves the patched pickle entry points when it is called
    model = torch.load("model.pt")
finally:
    # Deactivate protection even if loading raised, so the process is not left permanently hooked
    deactivate_safe_ml_environment()

# Normal pickle operations resume
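The activate/deactivate contract described above, and why it only covers call-time lookups, as an added stand-alone illustration that is not fickling's code: a hypothetical `activate`/`deactivate` pair that patches the same six module attributes, a `guarded_pickle` context manager that guarantees restoration, and a `demo` showing that a pickle which resolves a global name is blocked through `pickle.loads` and `pickle.Unpickler` but not through a reference bound before activation. The `_guarded_*` checker (a static `pickletools` scan refusing any opcode stream that resolves a module.attribute name) is a deliberately simple stand-in for fickling's analysis, and all names here are assumptions, not fickling's API.

```python
import contextlib
import io
import pickle
import _pickle
import pickletools

# Hypothetical stand-in for fickling's hook; these names are assumptions, not fickling's API.
# The six module attributes the page lists, captured at import time so deactivate() is
# safe to call repeatedly and always restores the true originals.
_ENTRY_POINTS = [
    (pickle, "load"), (_pickle, "load"),
    (pickle, "loads"), (_pickle, "loads"),
    (pickle, "Unpickler"), (_pickle, "Unpickler"),
]
_ORIGINALS = {(mod.__name__, name): getattr(mod, name) for mod, name in _ENTRY_POINTS}


class UnsafePickleError(RuntimeError):
    """Raised by the stand-in guard when a pickle would resolve a global name."""


# Opcodes that resolve a module.attribute name, the step every os.system-style payload needs.
_NAME_RESOLVING = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ"}


def _resolves_globals(data: bytes) -> bool:
    # Static scan of the opcode stream; nothing in the pickle is executed here.
    return any(op.name in _NAME_RESOLVING for op, _arg, _pos in pickletools.genops(data))


def _guarded_loads(data, **kwargs):
    if _resolves_globals(data):
        raise UnsafePickleError("pickle resolves a global name; refusing to load")
    return _ORIGINALS[("pickle", "loads")](data, **kwargs)


def _guarded_load(file, **kwargs):
    return _guarded_loads(file.read(), **kwargs)


class _GuardedUnpickler(_ORIGINALS[("pickle", "Unpickler")]):
    # Subclass of the original (C) Unpickler; find_class is the single choke point for imports.
    def find_class(self, module, name):
        raise UnsafePickleError(f"refusing to import {module}.{name}")


_REPLACEMENTS = {"load": _guarded_load, "loads": _guarded_loads, "Unpickler": _GuardedUnpickler}


def activate() -> None:
    for mod, name in _ENTRY_POINTS:
        setattr(mod, name, _REPLACEMENTS[name])


def deactivate() -> None:
    for mod, name in _ENTRY_POINTS:
        setattr(mod, name, _ORIGINALS[(mod.__name__, name)])


def is_active() -> bool:
    return all(getattr(mod, name) is _REPLACEMENTS[name] for mod, name in _ENTRY_POINTS)


def is_restored() -> bool:
    return all(getattr(mod, name) is _ORIGINALS[(mod.__name__, name)] for mod, name in _ENTRY_POINTS)


@contextlib.contextmanager
def guarded_pickle():
    # Pairs activation with deactivation even when a load inside the block raises.
    activate()
    try:
        yield
    finally:
        deactivate()


def demo() -> dict:
    # Constructed inputs: a plain data pickle, and one that resolves builtins.len
    # (harmless here, but it uses the same STACK_GLOBAL step a malicious payload would).
    benign = pickle.dumps({"weights": [1.0, 2.0]})
    resolves_global = pickle.dumps(len)
    from pickle import loads as loads_bound_early  # reference taken BEFORE activation

    out = {}
    with guarded_pickle():
        out["active"] = is_active()
        out["benign"] = pickle.loads(benign)
        out["benign_file"] = pickle.load(io.BytesIO(benign))
        try:
            pickle.loads(resolves_global)
            out["blocked"] = False
        except UnsafePickleError:
            out["blocked"] = True
        try:
            pickle.Unpickler(io.BytesIO(resolves_global)).load()
            out["unpickler_blocked"] = False
        except UnsafePickleError:
            out["unpickler_blocked"] = True
        # Caveat: a name bound before activation bypasses the hook entirely.
        out["early_bound_bypass"] = loads_bound_early(resolves_global) is len
    out["restored_after_exit"] = is_restored()
    return out
```

The `early_bound_bypass` result is the practical reason to activate the hook as early as possible in process startup and to deactivate it only after every consumer of pickled data is done: module attributes are looked up at call time, so whatever a caller bound before the switch is what it keeps using.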