ibash | 5 months ago

> Obsidian plugins have full, unrestricted access to all files in the vault.

Unless something has changed, it's worse than that. Plugins have unrestricted access to any file on your machine.

When I brought this up in Discord a while back they brushed it aside.

Tallain|5 months ago

Having recently read through a handful of issues on their forums, they seem to brush aside a lot of things. It's a useful tool but the mod / dev team they have working with the community could use some training.

esseph|5 months ago

If you're using a Flatpak, that's not actually the case. It would have very restricted access to the point where you would even have to explicitly give it access to user /home.

pipes|5 months ago

So if I run their software in a container they can't access my entire filesystem. I don't think that is a security feature.

It sounds like if I ever run Obsidian I should be using Flatseal too.

HSO|5 months ago

What if you run Little Snitch and block any communications from Obsidian to anything?

elric|5 months ago

Or firejail. Or QubesOS using a dedicated VM. There are options, but it would still be nice if Obsidian had a more robust security model.

formerly_proven|5 months ago

Little Snitch can block open(2)?

qbit42|5 months ago

Is this true on Mac? Usually I am notified when programs request access outside the normal sandboxed or temp folders. Not sure how that works in any detail though.

raybb|5 months ago

Ah, I guess that's one reason some folks started running it in a Docker container. I think Linux server recently released a container for it.

eli|5 months ago

To be fair, it also ships with the ability to install community plugins disabled.

hsbauauvhabzb|5 months ago

To be fair, it's no worse of a dumpster fire than any other plug-in ecosystem.