Comment by ibash
3 days ago
lol we told you plugins were insecure years ago. I distinctly remember getting flamed in your discord because I said that they had full disk access. Too little too late.
3 days ago
lol we told you plugins were insecure years ago. I distinctly remember getting flamed in your discord because I said that they had full disk access. Too little too late.
The insecurity is part of the benefit. Obsidian being so open, allowing easy customizing is what makes it great. They should add some more bells, whistles and guards to prevent sneaky social attacks, but they can't close Obsidian all together, or it would kill the app.
There's open, and then there's "full disk access, even outside the vault" open.
What do you propose? Even if they configure node's lowest level file APIs to block any access to paths outside the vault, plugins can still execute arbitrary shell commands who will have access to the entire OS.
And before you say it's useless and should be stopped too, well, that's a fine opinion! But then you lose plugins providing git integration, automated backups, document conversion using pandoc, etc. Many users might value that greatly.
A permission system for their plugins might be the only solution, annoying permission request popups and all.
1 reply →
You better delete all third-party applications for they are having full disk access.
Hello, 2010s called.
In 2026, applications, third or even first party, don't need to have full-disk access, and are not given either. They see a jailroot environment. I give full disk access to the terminal app, and a handful of others. 90% of them, nope.
At least that's the case in macOS, I'm pretty sure Windows can do that too. Linux of course has had such capability since forever, but I guess most distros you need to manually take care of it.
Sadly, Windows cannot do that. Every installed program has full disk access by default. It's very, very difficult to make it not so.
9 replies →
Yes you can sandbox Obsidian on the OS. The point they're making is nearly every third party program ships Without sandboxing. There's nothing special about Obsidian here.
Interesting. Do I get this sandboxing out of the box when I install apps with Homebrew? Or do I need to do something specific?
Would love to enable this for all apps, and add exceptions for the ones that need more access.
I installed Lulu and BlockBlock recently, and want to do more to harden my Mac.
2 replies →
I've never tried to do this or similar in Windows (obviously easy in unix-like environments) but I'm going to bet it's far more trouble than it's worth for 99% of users
6 replies →
In the scenario where you take care of it yourself the rogue plugin would not be an issue either.
I have no idea how to do that in Windows though.
These types of problems usually only get fixed when it’s too late.
"Sorry we got caught" reactiveness.
[dead]
Lol it's a social engineering attack. What are you talking about. Don't run programs you don't trust, especially when being asked to do so by strangers on the line.
[dead]