421 points saeedesmaili | 6 comments
gejose ◴[] No.45308131[source]
This is one way to look at it, but ignores the fact that most users use third party community plugins.

Obsidian has a truly terrible security model for plugins. As I realized while building my own, Obsidian plugins have full, unrestricted access to all files in the vault.

Obsidian could've instead opted to be more 'batteries-included', at the cost of more development effort, but instead leaves this to the community, which in turn increases the attack surface significantly.

Or it could have a browser-extension-like manifest that declares all permissions used by the plugin, where attempting to access a permission that's not granted gets blocked.

Both of these approaches would've led to more real security to end users than "we have few third party dependencies".

replies(18): >>45308149 #>>45308208 #>>45308212 #>>45308222 #>>45308224 #>>45308241 #>>45308572 #>>45308600 #>>45308749 #>>45310219 #>>45310642 #>>45310881 #>>45310991 #>>45311185 #>>45311760 #>>45311782 #>>45312975 #>>45313054 #
ibash ◴[] No.45310219[source]
> Obsidian plugins have full, unrestricted access to all files in the vault.

Unless something has changed, it's worse than that. Plugins have unrestricted access to any file on your machine.

When I brought this up in Discord a while back they brushed it aside.

replies(4): >>45310455 #>>45310482 #>>45310762 #>>45310878 #
1. esseph ◴[] No.45310482[source]
If you're using a flatpak, that's not actually the case. It would have very restricted access to the point where you even would have to explicitly give it access to user /home.
replies(2): >>45310702 #>>45311794 #
2. pipes ◴[] No.45310702[source]
So if I run their software in a container they can't access my entire filesystem. I don't think that is a security feature.

It sounds like if I ever run Obsidian I should be using Flatseal too.

replies(1): >>45310918 #
3. esseph ◴[] No.45310918[source]
Er, what?

I'm not claiming it's a security feature of Obsidian, I'm saying it's a consequence of running a flatpak - and in this situation it could be advantageous for those interested.

replies(1): >>45311565 #
4. pipes ◴[] No.45311565{3}[source]
Sorry, it genuinely sounded to me like you were saying that it's not a problem because flatpak.
5. s_ting765 ◴[] No.45311794[source]
You're wrong. The Obsidian flatpak ships by default with access to /home. https://github.com/flathub/md.obsidian.Obsidian/blob/5e594a4...
replies(1): >>45312923 #
6. TomaszZielinski ◴[] No.45312923[source]
I "love" such sandboxing defaults. Apps like Docker Desktop also share the whole home by default [1], which is pretty interesting if a big selling point is to keep stuff separated. No idea why node_packages need to have access to my tax returns :). Of course you can change that, but I bet many users keep the default paths intact.

[1] https://docs.docker.com/desktop/settings-and-maintenance/set...
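
An added example, not from any commenter or from the Obsidian or Flathub projects: a small audit of the Flatpak sandbox default discussed in this thread. It reads the `[Context]` `filesystems=` entry from the keyfile text that `flatpak info --show-permissions <app-id>` prints, layers an override file's entries on top, and reports broad grants such as `home` or `host` that remain. The sample keyfiles, the `org.example.Notes` name and the simplified merge rule (a later `!name` entry cancels an earlier grant) are assumptions constructed for illustration.

```python
import configparser

# Filesystem grants that expose far more than a single notes vault needs.
BROAD = {"host", "host-os", "host-etc", "home"}
MODES = {"ro", "rw", "create"}

def _grants(keyfile_text):
    """Yield (name, mode, negated) for each [Context] filesystems= entry."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(keyfile_text)
    raw = cp.get("Context", "filesystems", fallback="")
    for item in filter(None, (s.strip() for s in raw.split(";"))):
        negated = item.startswith("!")
        item = item.lstrip("!")
        name, sep, mode = item.rpartition(":")
        if not sep or mode not in MODES:
            name, mode = item, "rw"          # no suffix means read-write
        yield name, mode, negated

def effective_filesystems(metadata, override=""):
    """Apply the app's shipped grants, then the user's override, in order."""
    active = {}
    for text in (metadata, override):
        for name, mode, negated in _grants(text):
            if negated:
                active.pop(name, None)       # "!home" removes the home grant
            else:
                active[name] = mode
    return active

def broad_grants(metadata, override=""):
    """Return the broad grants still active, e.g. ['home:rw']."""
    fs = effective_filesystems(metadata, override)
    return sorted(f"{n}:{m}" for n, m in fs.items() if n in BROAD)

# Constructed sample input, not the real manifest of any application.
SAMPLE_METADATA = """[Application]
name=org.example.Notes

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=home;xdg-documents:ro;
"""
# Constructed override: drop home, allow only one notes directory.
SAMPLE_OVERRIDE = """[Context]
filesystems=!home;~/Notes;
"""

if __name__ == "__main__":
    print("shipped defaults:", broad_grants(SAMPLE_METADATA))
    print("with override:   ", broad_grants(SAMPLE_METADATA, SAMPLE_OVERRIDE))
```

An override like the constructed one can be written with `flatpak override --user --nofilesystem=home --filesystem=~/Notes <app-id>`.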