Data Science & Machine Learning

Security issues with R serialization (saveRDS)

User_3UBNR, Sep 16 2020

We are building a functionality to bring external models built in R into our application. Apart from PMML, some custom R models/objects can be saved using saveRDS, which is a serialized form of the object, much like we have in Python pickle. We plan to load it remotely using JRI/rpy2. My question is: are there any security concerns with saveRDS? I am comparing this with Python pickle, which is also a serialized form, and someone can potentially store malicious code or a malicious system call in a pickle file. Please have a look at this link: https://www.benfrederickson.com/dont-pickle-your-data/

Do we have similar concerns with saveRDS? The reason I am asking about security issues is that while loading an RDS object (uploaded/shared by someone) we don't want to execute a potential command on our server.

0 comments
270 views
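The post has no answers, so the following is an added example (not from the original post, and not part of R or any package) illustrating the point the question turns on: an RDS file is a serialized R object, and R objects can carry executable code (closures, builtins, unevaluated calls and expressions, promises, environments full of bindings) just as a pickle can. That code is not run by `readRDS()` for ordinary objects; it runs later, when the receiving application calls the function, evaluates the call, or dispatches a method on the loaded object. The helper names `audit_object` and `accept_rds` are hypothetical, and `shared_model` is a constructed sample, not a real model.

```r
# Added example: walk a deserialized R object and report every element that
# carries code or deferred evaluation. Helper names are hypothetical.
audit_object <- function(x, path = "<root>") {
  hits <- character(0)
  type <- typeof(x)
  code_types <- c("closure", "builtin", "special", "language",
                  "expression", "promise")
  if (type %in% code_types) {
    hits <- c(hits, paste0(path, " : ", type))
  } else if (type == "environment") {
    # Not walked: reading bindings could force promises or active bindings,
    # which is exactly the evaluation we want to avoid before a decision.
    hits <- c(hits, paste0(path, " : environment (bindings not inspected)"))
  } else if (type %in% c("list", "pairlist")) {
    nms <- names(x)
    for (i in seq_along(x)) {
      label <- if (!is.null(nms) && nzchar(nms[i])) nms[i] else paste0("[[", i, "]]")
      hits <- c(hits, audit_object(x[[i]], paste0(path, "$", label)))
    }
  }
  # Attributes are part of the serialized object and can hold code as well.
  attrs <- attributes(x)
  for (a in names(attrs)) {
    hits <- c(hits, audit_object(attrs[[a]], paste0(path, "@", a)))
  }
  hits
}

# Policy wrapper: refuse any object that is not plain data.
accept_rds <- function(path) {
  obj <- readRDS(path)
  problems <- audit_object(obj)
  if (length(problems) > 0) {
    stop("RDS contains code-bearing elements:\n",
         paste(problems, collapse = "\n"))
  }
  obj
}

# Constructed sample of what a "shared model" file might contain: plain
# coefficients next to a closure and an unevaluated call.
shared_model <- list(
  coef       = c(intercept = 0.5, slope = 2),
  predict_fn = function(newdata) newdata * 2 + 0.5,
  hook       = quote(Sys.getenv("HOME"))
)
path <- tempfile(fileext = ".rds")
saveRDS(shared_model, path)

# For this object nothing is evaluated at readRDS() time; the closure and the
# call would only run if the caller invoked them, e.g. loaded$predict_fn(3)
# or eval(loaded$hook).
loaded <- readRDS(path)
print(audit_object(loaded))

# The policy wrapper rejects the same file; a file holding only the
# coefficient vector would pass.
result <- tryCatch(accept_rds(path), error = function(e) conditionMessage(e))
print(result)

saveRDS(shared_model$coef, path)
print(accept_rds(path))
```

Running this, the audit flags `predict_fn` as a closure and `hook` as a language object, `accept_rds` rejects the file, and the second file (coefficients only) is accepted. Two caveats for anyone applying the pattern: the check runs after `readRDS()`, so it assumes the deserializer itself is sound for the R version in use, which is a property to verify per release rather than take for granted; and a walk like this cannot see inside environments without evaluating their bindings, so the safer design is the one the question already hints at, accept only plain data (coefficients, hyperparameters, or PMML) from external parties and rebuild the model object in your own trusted code, or deserialize untrusted files only in an isolated, unprivileged process.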