Security issue: Logseq leaks graph's content outside of its directory. #7970
Replies: 16 comments 2 replies
-
Yep Logseq saves notes data outside of the users selected folder for their graph/notes. I can see my notes in plaintext in the corresponding For something like VeraCrypt to be useful, all we need is a portable option for the graph, where these files are all stored in the users graph/notes folder. For example in :make-graph-portable? true If true, the users graph folder will have one more folder: For example: .git/
.sync/
assets/
draws/
exports/
journals/
logseq/
pages/
whiteboards/
.graph/ <-------- This is a new folder that contains the graph `.transit` file from `~/.logseq/graphs/` This way, the graph is 100% portable and can be stored on a VeraCrypt volume securely. Also you will want to add The above is my guess at what a possible solution might look like. |
Beta Was this translation helpful? Give feedback.
-
Thanks! The solution looks good to me. I'm happy to review PR on this. |
Beta Was this translation helpful? Give feedback.
-
I would argue that this should not even be a configurable option, it should just be the case always. |
Beta Was this translation helpful? Give feedback.
-
@danilofaria |
Beta Was this translation helpful? Give feedback.
-
@cnrpman the file could be there and just be ignored by the sync service. I don't see any issues. Or am I missing something? |
Beta Was this translation helpful? Give feedback.
-
@danilofaria It's not a problem for Logseq Sync or git with We should keep the default setting simple and make it easy for most people. So a configurable option is more reasonable to me. |
Beta Was this translation helpful? Give feedback.
-
@cnrpman honestly idk if the biggest surprise is having this large file as part of the contents or having a plaintext file with all your sensitive data lying somewhere else in your computer without you knowing about it. To me, the latter is a much bigger issue, as it goes against Logseq's philosophy of "you have control of your data". And in any case, this file is not that big, since it is just text, and also Logseq already has a bunch of text under It could be configurable, but I would argue that the default should be for it to be together with the other files. |
Beta Was this translation helpful? Give feedback.
-
@danilofaria |
Beta Was this translation helpful? Give feedback.
-
@cnrpman I don't think it is so big that you can't put it on Dropbox or similar. But if you think so, then it is alright to do it as @drawingthesun suggested and have it configurable and by default keep it out. Some users will be surprised to find out their notes are stored elsewhere, but at least they will have a way to configure it to keep all files together. Do you think there's any chance this ticket will get picked up any time soon? |
Beta Was this translation helpful? Give feedback.
-
@danilofaria logseq/src/electron/electron/handler.cljs Lines 255 to 260 in bc568f6 And need to use a dummy file to replace the .transit file used here:logseq/src/electron/electron/handler.cljs Lines 208 to 215 in bc568f6 |
Beta Was this translation helpful? Give feedback.
-
@cnrpman would you mind explaining this bit in more detail? |
Beta Was this translation helpful? Give feedback.
-
@cnrpman can you also give pointers on how to define config options and how to access them in code and make the value accessible from this file you linked? |
Beta Was this translation helpful? Give feedback.
-
@cnrpman I found a workaround to this which was making the leaked |
Beta Was this translation helpful? Give feedback.
-
If you mean the global config, it's available in main process (which the file I mentioned above belongs to) https://github.com/logseq/logseq/blob/master/src/electron/electron/configs.cljs If you mean the per-repo config helper, it is only accessible from renderer process, so IPC required to send the config to main process..
Logseq would load internal DB cache from the |
Beta Was this translation helpful? Give feedback.
-
I just came across this issue->discussion after having the same concern. Could symlinks be an option? I already found sensitive data in the However, trying the same trick with the Any idea if a minor change would allow it to do so? |
Beta Was this translation helpful? Give feedback.
-
My current workaround is to encrypt the contents of |
Beta Was this translation helpful? Give feedback.
-
What happened?
The issue described here is a security flaw.
One would expect that by encrypting all contents in the Logseq notes folder, the notes are safe. But in reality all notes can be read in plain text at
~/.logseq/graphs
.This is a deal breaker for many users.
Reproduce the Bug
Expected Behavior
one would expect that after encrypting notes, they are no longer accessible to anyone without the encryption keys.
Screenshots
No response
Desktop Platform Information
No response
Mobile Platform Information
No response
Additional Context
No response
Beta Was this translation helpful? Give feedback.
All reactions