469 points saeedesmaili | 3 comments
gejose No.45308131
This is one way to look at it, but ignores the fact that most users use third-party community plugins.

Obsidian has a truly terrible security model for plugins. As I realized while building my own, Obsidian plugins have full, unrestricted access to all files in the vault.

Obsidian could've instead opted to be more 'batteries-included', at the cost of more development effort, but instead leaves this to the community, which in turn increases the attack surface significantly.

Or it could have a browser-extension-like manifest that declares all permissions used by the plugin, where attempting to access a permission that's not granted gets blocked.

Both of these approaches would've led to more real security to end users than "we have few third party dependencies".

ibash No.45310219
> Obsidian plugins have full, unrestricted access to all files in the vault.

Unless something has changed, it's worse than that. Plugins have unrestricted access to any file on your machine.

When I brought this up in Discord a while back they brushed it aside.

HSO No.45310762
What if you run Little Snitch and block any communications from Obsidian to anything?
formerly_proven No.45311159
Little Snitch can block open(2)?
4ndrewl No.45311288
I believe they're saying it can open, it just can't send the data anywhere.

Seems a little excessive, but here we are.

lxgr No.45312113
If it can open and write any file on the OS, it's pretty much game over. Too many ways to exfiltrate data even without network/socket access.
1. HSO No.45312679
Worse, what keeps this from editing the config files for Little Snitch (or similar blockers)?
2. TomaszZielinski No.45312858
I believe LS has some protections against this. Never tried them, but there are config-related security options, incl. protection against synthetic events. So they definitely put some thought into that.
3. 4ndrewl No.45313080
File system permissions?
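
The permission-manifest idea raised at the top of this thread, as an added example that is not part of any comment and is not Obsidian code: a gate that only lets a plugin touch vault paths its manifest declares. The `permissions` field, `createScopedVault` and the other names are hypothetical, and the sketch assumes the plugin is isolated so that this wrapper is its only route to the file system.

```javascript
// Hypothetical manifest (constructed); Obsidian has no such permission field.
const manifest = {
  id: "daily-notes-helper",
  permissions: { read: ["daily/", "templates/"], write: ["daily/"] },
};

// Resolve a vault-relative path and refuse anything that leaves the vault.
function normalizeVaultPath(p) {
  if (typeof p !== "string" || p.includes("\0")) throw new Error("invalid path");
  const unified = p.replace(/\\/g, "/");
  if (unified.startsWith("/") || /^[A-Za-z]:/.test(unified)) {
    throw new Error("absolute path is outside the vault");
  }
  const out = [];
  for (const part of unified.split("/")) {
    if (part === "" || part === ".") continue;
    if (part === "..") {
      if (out.length === 0) throw new Error("path escapes the vault");
      out.pop();
    } else out.push(part);
  }
  return out.join("/");
}

// Grants are directory prefixes ending in "/", so "daily/" never matches "dailyx/".
function isGranted(m, action, path) {
  const grants = (m.permissions && m.permissions[action]) || [];
  return grants.some((prefix) => prefix.endsWith("/") && path.startsWith(prefix));
}

// Wrap a storage backend (a Map here) so every access is checked and audited.
function createScopedVault(m, files, audit) {
  function gate(action, rawPath) {
    let path = null, reason = null;
    try {
      path = normalizeVaultPath(rawPath);
      if (!isGranted(m, action, path)) reason = `no ${action} grant`;
    } catch (e) {
      reason = e.message;
    }
    audit.push({ plugin: m.id, action, path: rawPath, allowed: reason === null });
    if (reason !== null) throw new Error(`${m.id}: ${action} denied (${reason})`);
    return path;
  }
  return {
    read: (p) => files.get(gate("read", p)),
    write: (p, data) => { files.set(gate("write", p), data); },
  };
}
```

The check compares normalized path strings only; symlinks inside the vault would have to be resolved before the comparison for the gate to hold on a real file system.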