Hacker News

> Obsidian plugins have full, unrestricted access to all files in the vault.

Unless something has changed, it's worse than that. Plugins have unrestricted access to any file on your machine.

When I brought this up in discord a while back they brushed it aside.

Having recently read through a handful of issues on their forums, they seems to brush aside a lot of things. It's a useful tool but the mod / dev team they have working with the community could use some training.

esseph 3 days ago [ - ]

If you're using a flatpak, that's not actually the case. It would have very restricted access to the point where you even would have to explicitly give it access to user /home.

s_ting765 3 days ago [ - ]

You're wrong. The obsidian flatpak ships by default with access to /home. https://github.com/flathub/md.obsidian.Obsidian/blob/5e594a4...

esseph 2 days ago [ - ]

Interesting, I thought I had to turn that on for Obsidian!

The first time I started installing flatpaks I ran into a bit of permission / device isolation trouble and ever since then, I use flatseal after installing an app to make sure it actually has access to things.

I guess I misremembered in the case of Obsidian.

TomaszZielinski 2 days ago [ - ]

I „love” such sandboxing defaults. Apps like Docker Desktop also share the whole home by default [1], which is pretty interesting if a big selling point is to keep stuff separated. No idea why node_packages need to have access to my tax returns :). Of course you can change that, but I bet many users keeps the default paths intact.

[1] https://docs.docker.com/desktop/settings-and-maintenance/set...

eli a day ago [ - ]

Needed for volume mounting to work easily I assume.

TomaszZielinski a day ago [ - ]

Yeah, I forgot there’s the intermediate VM level, and user folders are shared there so that folders could be mounted to the individual containers using host paths.

pipes 3 days ago [ - ]

So if I run their software in a container they can't access my entire filesystem. I don't think that is a security feature.

It sounds like if I ever run obsidian I should be using flat seal too.

esseph 3 days ago [ - ]

Er, what?

I'm not claiming it's a security feature of Obsidian, I'm saying it's a consequence of running a flatpak - and in this situation it could be advantageous for those interested.

pipes 3 days ago [ - ]

Sorry, it genuinely sounded to me like you were saying that it's not a problem because flat pack.

esseph 2 days ago [ - ]

No, lol

HSO 3 days ago [ - ]

What if you run little snitch and block any communications from obsidian to anything?

elric 3 days ago [ - ]

Or firejail. Or QubesOS using a dedicated VM. There are options, but it would still be nice if Obsidian had a more robust security model.

johnisgood 3 days ago [ - ]

I have been using firejail for most of these kind of applications, be it Obsidian, Discord, or the browser I am using. I definitely recommend people start using it.

dotancohen 3 days ago [ - ]

Sell it to us! Why do you use specifically firejail?

There are so many options, from so many different security perspectives, that analysis paralysis is a real issue.

johnisgood 2 days ago [ - ]

I feel like I should keep track of all my comments on HN because I remember writing a lengthy comment on firejail more than once. I cannot keep doing this. :D

For user-space, there is usually bubblewrap vs. firejail. I have not personally used bubblewrap, so I cannot comment on that, but firejail is great at what it does.

The last comment was about restricting clipboard access to either X11 or Wayland which is possible with firejail quite easily, so if you want that, you can have that.

You can do a LOT more with firejail though.

https://wiki.archlinux.org/title/Firejail

https://man.archlinux.org/man/firejail.1

lioeters 2 days ago [ - ]

> bubblewrap vs. firejail

In case anyone else is curious, I found the following comparison in bubblewrap's repo.

- https://github.com/containers/bubblewrap#related-project-com...

I'm gonna try both and see which one I like. Thanks for this info! You're sure living up to your user name there. (:

rufugee 2 days ago [ - ]

So do you configure firejail to give each app their own separate, permanent home directories? Like "firejail --private=/home/user/firejails/discord discord", "firejail --private=/home/user/firejails/chromium chromium", and so on?

johnisgood 2 days ago [ - ]

I have my own Discord.profile!

This is my ~/.config/firejail/Discord.profile[1]:

  include disable-common.inc
  include disable-devel.inc
  include disable-interpreters.inc
  include disable-shell.inc

  noblacklist /sys/fs
  noblacklist /sys/module

  keep-config-pulse
  keep-dev-shm

  name discord
  apparmor
  caps.drop all
  caps.keep sys_admin,sys_chroot
  netfilter
  nodvd
  #nogroups
  #noinput
  nonewprivs
  noroot
  notv
  #nou2f
  #novideo
  protocol unix,inet,inet6
  #shell none

  disable-mnt
  private-cache
  #private-tmp

  noexec /tmp

  dbus-user filter
  dbus-user.talk org.freedesktop.Notifications

  private-bin Discord,cut,echo,egrep,electron,electron[0-9],electron[0-9][0-9],grep,head,sed,sh,tr,xdg-mime,xdg-open,zsh,gzip,wget,curl,notify-send
  private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,ld.so.cache,ld.so.preload,localtime,login.defs,machine-id,password,pki,pulse,resolv.conf,ssl

  noblacklist /usr/lib/discord/
  whitelist ${HOME}/.config/discord
  read-write ${HOME}/.config/discord
  whitelist ${DOWNLOADS}
  whitelist ${HOME}/.config/pulse/*

  include whitelist-common.inc
  include whitelist-var-common.inc
  include whitelist-run-common.inc
  include whitelist-runuser-common.inc

I have some things commented out but you could probably uncomment most.

Some has this, too:

  disable-mnt
  private-dev
  private-cache

  env http_proxy=socks5://127.0.0.1:9050
  env https_proxy=socks5://127.0.0.1:9050

FWIW, once you start whitelisting, it will only have access to those directories and files only, so Discord has no access to anything other than its own directory and ${DOWNLOADS}, which I should probably change.

You should check out the default profiles for many programs / apps under directory "/etc/firejail".

[1] You run it via "firejail Discord" or "firejail ./Discord" if you name it "Discord.profile".

rufugee 2 days ago [ - ]

This is great. Thanks for the detailed reply!

johnisgood 5 hours ago [ - ]

It was not THAT detailed and it makes me feel a bit guilty, so if you have any questions let me know.

wonger_ 2 days ago [ - ]

FYI you can search your comment history with hn.algolia.com:

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...

johnisgood 2 days ago [ - ]

Thank you, exactly what I have been looking for!

formerly_proven 3 days ago [ - ]

Little snitch can block open(2)?

TomaszZielinski 2 days ago [ - ]

I treat LS as a privacy/anti-telemetry/anti-accident tool, not as anti malware.

Obviously it can detect malware if there’s a connection to some weird site, but it’s more like a bonus than a reliable test.

If you need to block FS access, then per app containers or VMs are the way to go. The container/VM sandboxes your files, and Little Snitch can then manage externa connectivity (you might still want to allow connection to some legit domains—-but maybe not github.com as that can be use to upload your data. I meant something like updates.someapp.com)

HSO 3 days ago [ - ]

Very, very good point

I got lazy

Time to crank the paranoidmeter up again

4ndrewl 3 days ago [ - ]

I believe they're saying it can open, it just can't send the data anywhere.

Seems a little excessive, but here we are.

notpushkin 3 days ago [ - ]

It still can encrypt everything and demand you pay some ₿₿₿₿.

lxgr 2 days ago [ - ]

If it can open and write any file on the OS, it's pretty much game over. Too many ways to exfiltrate data even without network/socket access.

HSO 2 days ago [ - ]

Worse, what keeps this from editing the config files for Little Snitch (or similar blockers)?

TomaszZielinski 2 days ago [ - ]

I believe LS has some protections against this. Never tried them, but there are config related security options, incl. protection against synthetic events. So they definitely put some thought into that.

4ndrewl 2 days ago [ - ]

File system permissions?

qbit42 2 days ago [ - ]

Is this true on Mac? Usually I am notified when programs request access outside the normal sandboxed or temp folders. Not sure how that works in any detail though.

eli a day ago [ - ]

To be fair it also ships with the ability to install community plugins disabled.

raybb 2 days ago [ - ]

Ah I guess that's one reason some folks started running it in a docker container. I think Linux server recently released a container for it.

hsbauauvhabzb 3 days ago [ - ]

To be fair, it’s no worse of a dumpsterfire than any other plug-in ecosystem.