55 comments

[ 3.3 ms ] story [ 62.1 ms ] thread
> The victim is prompted to enable the "Installed community plugins" synchronization feature.

Obsidian has the proper protections in place to prevent this type of attack, and the victims are being convinced to ignore them. This is just a successful social engineering event. I hate to see Obsidian dragged down by this headline, since this attack is not exploiting a vulnerability in it or its plugin system.

Even being social engineering, the design of the plugin system allowing this means the platform is completely unusable as a sharing tool. It's good to know but to me this is not "I need to remember to have these settings correct to use a shared Obsidian vault", this for is instead "never accept a shared Obsidian vault, demand a plaintext export".
What is this vibe-coded site? Why does it reiterate the same point 20 time? What are the actual plugins that I need to be on alert for? Chop chop, get to it.
This is just the first detected and reported instance, in all likelyhood such attacks have been happening for some time. When will the fanatic userbsse finally admit that using Obsidian in any enterprise setting is just plain malpractice?

It takes 5 minutes in their Discord channel to see the founders are D&D nerds, not competent engineers. It was never meant for serious work.

Am I the only one who thinks Obsidian is perfect without plugins? Half the reason I switched to it from Anytype was that it was rather spartan in its offerings. If they announced tomorrow they would ban plugins, I would not care.
This. I only use official Obsidian plugins. Security + not depending on OSS maintainer are the main reasons.
I wouldn't say "perfect", but to me it's clear that adding plugins could only make it worse, even without considering the security issues.

What I want from Obsidian is something that "just works". Adding third-party plugin would break this immediately since the plugins can either be straight up buggy, create conflicts with each other or simply become incompatible with new Obsidian releases.

And what I've seen from the community, with people having dozens of plugins installed, is giving me nightmares.

I can see why some would feel the appeal of plugins, and adding two or three can be fine, as long as you do your due diligence. Otherwise it's straight shooting you in the foot.

I found plugins more useful early on in Obsidian's lifespan. Now, its current native feature list is good enough for me.
Obsidian does not have auto update for community plugins. The steps for updating them right now is checking for updates and then updating all or individually.

A bad update to one of the popular plugins could compromise lot of systems.

I really like Obsidian. I use it every day and I don't use any community plugins because the permissions aren't up to snuff. I hope for a day where a plugin defines what it will need and that gets presented to me as a user.

I have to imagine the Obsidian team is going to respond seriously to this and I look forward to seeing what they do. They have my full confidence. I'm surprised the system was initially designed as it is without those better permissions and sandboxing, though.

I started using it too when I got sick of using VS Code to look at md. Glad I never had the need to install any plug-ins! Very poor form on their part from what I can tell.
My worse fear has materialized. This is why I've never used an external Obsidian plugin and only my own plugins. It was only a matter of time before some malicious code ended up in one.
Brother, we are vindicated! There are indeed many cool bits and blobs out there, but I am already trusting one entity to secure my private notes, no way I am taking a pinky-promise from extension XYZ to behave.

(I actually use LogSeq, but same idea applies).

Obsidian CEO here. There is a major update coming soon for plugin security. I think it will address many of the concerns people have raised in this thread. It's a hard problem but we are working on it.

That said, the headline is misleading. This article is about a social engineering attack that requires the user to actively reject multiple safety warnings in Obsidian. As far as I know this is a proof of concept, I haven't seen any reports of users being affected by this attack.

(comment deleted)
> actively reject multiple safety warnings

Is this like a popup? which most people actively accept without blinking

I think plugin/extensions should be a bit harder to run by default. I get the user friction from extra hurdles before using their plugins etc., but I don't think there is an actually safe way to execute arbitrary code, unaudited, without sandboxing, or other restrictions.

Since we have your attention here, let me go on an unrelated note and ask whether you could look into Noteplan's workflow and see if you can add some of the required functionalities to enable replication of its workflow (https://help.noteplan.co/article/160-weekly-planning)?

Plugins like Tasks do offer a Query functionality that allows me to list e.g. weekly tasks on my daily template, replicating most of Noteplan's workflow, except Noteplan relies on being able to easily link those tasks into daily template by drag and dropping them, which internally assigns a unique but hidden by default ID in ^129abz notation (https://help.noteplan.co/article/138-synced-blocks). The latter is already supported by Obsidian, it's just not as "clean" and, AFAIK, impossible to get done when drag and dropping.

Get real, kepano. You’re overestimating the consciousness of most casual users. Having godmode, RCE-capable plug-ins behind few safety warnings that most people will happily ignore to get shit done is not good engineering. I understand the constraints. In your shoes I would at minimum make a different version of the app in which you could allow these plug-ins and not put them under trivial banners within the canonical version of the app. You say you have banners, but these sit in the natural flow of the user journey, the options are clearly available and these banners are merely to exempt you from any liability, not to protect the users.
I don't know how hard it would be but IMHO adding some kind of permissions dialog(?) akin to Android would go a long way. 99% of Obsidian plugins don't need full disk access, or internet access for that matter.
Will there finally be an option to move the .obsidian-folder outside the vault and ignore them inside vaults by default even if plugins are activated?
> multiple safety warnings in Obsidian

Idk, I've always thought it was odd that the "community plugins" settings pane seemed more concerned with assuring the user that community plugins were fine than actually explaining the risk.

There is literally a single sentence about the fact that plugins "may cause data integrity and security issues", and it is hedged with the mealy-mouthed modifier "like any other software you install". The absolute majority of it - maybe 80% of the text by window height - is about the measures Obsidian does to vet and secure plugins. All of it appears to be written with the intent to placate any concerns.

Is this the safety warning? The screen that says that community plugins could cause issues "like any other software", but they're actually super safe and vetted and totally fine? Is it surprising that a person, faced with a screen like this, would be susceptible to a social engineering attack?

I've been using obsidian for years as a paying customer. Will continue to pay as price point is good and it just works. However, unless plugin security massively improves I will never install any plugins.
Obsidian stands beside the terminal and Firefox as one of the pieces of software I use the most every single day. Thank you for all you're doing.

-

I've read the article describing the attack, and my very first thought was utter surprise that the entire attack chain started with someone accepting a shared vault from a stranger via social media (linked in and similar). That seems really, really strange to me.

I've never shared a vault - but if I did, I'd probably do so as a git repo of markdown files.

It would be interesting to see a blog post from Obsidian about "good hygiene for sharing vaults".

Obsidian is great. And glad to see how you’re looking at plugin security. But one more thing you should consider is: How do you reduce the need for plugins for basic product behavior. E.g., I use a plugin to be able to open a file in new tab instead of replacing current tab. That should be a setting, not a plugin I’m forced to use.
I don't understand the hate here. Obsidian is a well working product that scratches many inches. Plugins allow to scratch some more itches, but are not mandatory.

I am using several plugins and would prefer not to, but they allow me to bring the (mobile) app closer to what I want (notably templater and homepage as I want to get a new daily note sorted in monthly folders, which obsidian doesn't seem to allow natively).

Maybe an alternative would also be to more explicitly allow users to create their own scripts - but maybe that's possible and I just don't know.

Overall I think the key challenge with obsidian use is that it offers too much, and there's a lot to fiddle with. While it will bother the power users probably best would be to just move on many ways to "default" behaviours and e.g. make many of the "core plugins" just settings to make the list lsss overwhelming.

Will that new security interfere with plugin functionality though? I can't really do without some of them, in particular selfhosted-livesync. It's not even that I don't want to pay you for hosting my notes, it's that I don't want them on somebody else's server even end to end encrypted. If I could pay and run my own official sync server I probably would.
One thing that bugged me when I made a community plugin was that you have to attach non-git-controlled files to the release (e.g. main.js).

To check if any community plugin is safe, it seems like you'd have to not only review the code on github, but also analyze the github release files to be sure nothing malicious packed in there.

Maybe I'm misunderstanding something about the process, I'd appreciate if anyone could confirm or explain otherwise.

What are the reasons behind the fact that almost all of these plugin systems are so poorly engineered? Is it too much work (ie, there are no good plugin development frameworks that already enable proper isolation/permission capabilities) or "simply" a widespread lack of knowledge of what is needed, so devs learn only after their own system has been abused? Both? Something else?
Reading the content the problem does not start with a plugin in Obisidian store but rather with a malicious vault they lure you to open.
I hope I'm speaking as a minority but when I first started using Obsidian the Youtube videos I watched encourage the usage of community plugins, even with these warnings I would enable the community plugins. You may very well have good actors that eventually turn bad for these plugins and users won't know.

Maybe I just also have a higher personal risk appetite, but even as a dev and knowing these risks I would have enabled the community plugin option. Again, hope I'm just the minority here and not most user behaviour.

One issue seems to be also that there are means dead plugins, not updated for years but still available. Does that mean they are especially stable or just no longer maintained? I don't know but ili applied the same rule I would for FDroid or the play store - not to install anything that isn't actively maintained.

Also I can't tell how to prevent plugin updates. As long as you rely on a known safe version I guess there is never any real risk.

I think it’s fundamentally wrong to base your plugin architecture on running user code in the same space as the application. The proper way is to evaluate plugin scripts in an interpreter running in the application, where you expose functionality through functions and state exposed to the script runtime. This means you can A) sandbox everything and B) check for things like permissions or even request permissions at runtime. It’s harder if you use a language like JavaScript for the application since you essentially have a runtime inside a runtime, but it’s possible to run something like Lua inside JS. Since I use an actually good language like Rust I have many good options for scripting, like Rhai. Lua is also a good option. Go also has multiple options including a couple good Lua libraries. These libraries tend to have performance comparable to Python which is more than enough for most plugins in most apps.
I use the plugin for Git, and the one for tasks. Hope those are safe!
I run Obsidian with restricted capabilities: no network access, and no filesystem access outside its own directory. I only enable network access when updating plugins/themes.

Same way I run any other application that could potentially execute untrusted code.

Obsidian sounds like a nightmare security wise in general.
Yet another reason to not install anything third-party made. Favor batteries, built-in functionality and reject “Unix philosophy” or whatever bullshit people use to ship incomplete software under guise of.
Hopefully this improves workflow for installing plugins offline. It's not bad already but it's not as good as the connected experience.
You say Trojan.

I say shiny horse statue.

Why the hell doesn't the article say WHICH plugins were affected so users can know if they were likely affected?
A long time ago I figured that "nasty Obsidian plugins" were not a matter of if, but when.

So I did the (imho) only sensible thing, and run Obsidian in a sandbox (bwrap). By doing so, I also made sure it runs in a separate networking namespace. For now, I disallow any internet access.

The amount of rage I see here is a bit strange, the whole attraction of Obsidian is that you can turn it into a Swiss army knife (that can hurt you too ofc).

@kepano: you would greatly help me if you could force plugin authors to list the urls they want to access inside the manifest, then let the user per url decide if they want to enable it. I still see some stupid plugin authors download their assets from a CDN or a vague website, from deeply buried in their code. Making url depencies explicit helps firewall automation at a first step. Maybe you could revoke direct network access from plugins, but i am not too knowledgeable about Electron.

Love Obsidian but I've previously commented about the security model for plugins here: https://news.ycombinator.com/item?id=45308131. TLDR: your entire vault (and possibly filesystem) is exposed to every single plugin you install.

I really do think Obsidian needs 2 things to have any reasonable security:

1. It needs to be a lot more batteries-included. A user shouldn't need a plugin for basic functionality.

2. It needs a granular permission system, where each plugin should have to declare and prompt you to allow or reject specific permissions, just like on iOS and Android. The system should enforce that a plugin cannot bypass this.

This is becoming a bit of an epidemic. Not every attack or exploit (and especially not a social engineering one) needs a name out of Metal Gear or a website.
This is a misleading headline. It makes it seem like another supply chain attack where some good plug-in was taken over and used to deliver malware. Thats not the case here. Victims are invited to collaborate on a synced vault which comes preloaded with a non official plug-in that delivers the rat. Very very different story