I've been a long-timer Obsidian user with a number of plugins. Recently I launched ZeroQuarry (a product to scan code for security vulnerabilities) and pointed it at a number of Obsidian plugins. I was initially surprised to find out that so many of them had RCEs baked in: that if you open a malicious .md file, you could inadvertently run untrusted code.
I've reached out to a number of the Obsidian plugin maintainers for responsible disclosure to let them know about the issues and how to fix them, and what surprised me even more was that the most common response was roughly "yeah, we all know Obsidian plugins are basically unsafe when used against untrusted markdown content." I was surprised by this response as an Obsidian user with a number of plugins installed. It made me rethink how I think about plugins.
I like their new community program that attempts to identify some risks, but IMO it's just far too little. Obsidian really needs to have a sandboxed system. I've reached out to Obsidian as well to flag some of these risks and suggested a sandbox system as well, but haven't really had much progress in moving the needle, so I wanted to raise awareness here.
As far as I can tell, every issue you flagged in this article is now automatically caught in the new plugin review system launched last week. The new system prevents plugin updates from being released/downloaded if any of these issues are present.
The team is also working on adding permissions and more controls, see the recent announcement and HN discussion:
Since last week hundreds of plugins have been updated to patch vulnerabilities. That said there is a lot more to do and we're actively working on it. It's a very high priority.
If there are any other checks you think we should add to the automated review system I'd be happy to look into those. Since the review system is mostly open source you can also contribute to it directly, though perhaps that would be in conflict with the purpose of your company since our approach doesn't use AI for now?
I've been a long-timer Obsidian user with a number of plugins. Recently I launched ZeroQuarry (a product to scan code for security vulnerabilities) and pointed it at a number of Obsidian plugins. I was initially surprised to find out that so many of them had RCEs baked in: that if you open a malicious .md file, you could inadvertently run untrusted code.
I've reached out to a number of the Obsidian plugin maintainers for responsible disclosure to let them know about the issues and how to fix them, and what surprised me even more was that the most common response was roughly "yeah, we all know Obsidian plugins are basically unsafe when used against untrusted markdown content." I was surprised by this response as an Obsidian user with a number of plugins installed. It made me rethink how I think about plugins.
I like their new community program that attempts to identify some risks, but IMO it's just far too little. Obsidian really needs to have a sandboxed system. I've reached out to Obsidian as well to flag some of these risks and suggested a sandbox system as well, but haven't really had much progress in moving the needle, so I wanted to raise awareness here.
As far as I can tell, every issue you flagged in this article is now automatically caught in the new plugin review system launched last week. The new system prevents plugin updates from being released/downloaded if any of these issues are present.
The team is also working on adding permissions and more controls, see the recent announcement and HN discussion:
https://obsidian.md/blog/future-of-plugins/
https://news.ycombinator.com/item?id=48109970
Since last week hundreds of plugins have been updated to patch vulnerabilities. That said there is a lot more to do and we're actively working on it. It's a very high priority.
If there are any other checks you think we should add to the automated review system I'd be happy to look into those. Since the review system is mostly open source you can also contribute to it directly, though perhaps that would be in conflict with the purpose of your company since our approach doesn't use AI for now?