[Security] Document StatelessProcessGroup security concerns

[russellb]

A recent PR, #15988, improved StatelessProcessGroup to ensure the
torch.distributed TCPStore uses the specified IP address unless of
binding to all interfaces. Upon closer inspection, this is quite
important, as the way vllm is using this TCPStore includes pickled data,
so malicious access to the TCPStore would allow remote code execution on
a vllm host.

Update some places throughout the code base to reflect the importance of
specifying a secured IP addres for use with this interface.

Finally, fix a couple places in tests to explicitly use localhost
instead of the IP we find that's (probably) the one used for the host's
default route. Otherwise, a host running these tests is briefly
vulnerable on the IP address chosen.

Signed-off-by: Russell Bryant [email protected]

[github-actions]

👋 Hi! Thank you for contributing to the vLLM project.

💬 Join our developer Slack at https://slack.vllm.ai to discuss your PR in #pr-reviews, coordinate on features in #feat- channels, or join special interest groups in #sig- channels.

Just a reminder: PRs would not trigger full CI run by default. Instead, it would only run fastcheck CI which starts running only a small and essential subset of CI tests to quickly catch errors. You can run other CI tests on top of those by going to your fastcheck build on Buildkite UI (linked in the PR checks section) and unblock them. If you do not have permission to unblock, ping simon-mo or khluu to add you in our Buildkite org.

Once the PR is approved and ready to go, your PR reviewer(s) can run CI to test the changes comprehensively before merging.

To run CI, PR reviewers can either: Add ready label to the PR or enable auto-merge.

🚀