search

marimo-team / marimo

A reactive notebook for Python — run reproducible experiments, execute as a script, deploy as an app, and version with git.
https://marimo.io
Apache License 2.0
7.95k stars 278 forks source link

Disable autorun on startup by default #2884

Open wasimsandhu opened 4 days ago

wasimsandhu commented 4 days ago

Description

"Autorun on startup" is a user-level configuration that is enabled by default, and thus poses a security risk for marimo users.

Many (if not all) marimo users are former Jupyter notebook users, and in my experience, the expected behavior of opening a notebook is akin to opening a script file: you do not expect it to run just by viewing it.

With marimo, that is not the case. By default, notebooks run when you open them, which paves the way for attackers to share notebooks that execute malicious code to unsuspecting users.

Even worse is the fact that the cells containing malicious scripts can be "hidden" from the user by being at the bottom of the notebook (out of view when a notebook is first opened), but being executed straight away because it references a variable from one of the first cells run.

Suggested solution

Disable autorun on startup by default, and implement app-level autorun configurations.

By disabling autorun on startup, we protect marimo users from malicious attacks spawning from notebook launches.

By implementing a notebook-level configuration for autorun, we allow marimo users to decide which notebooks they trust to open and execute immediately.

Here's a quick table showing the expected behavior of these configurations:

User Config App Config Result
Disabled Disabled Notebook does NOT run on launch
Enabled Disabled Notebook does NOT run on launch.
Disabled Enabled Notebook does NOT run on launch.
Enabled Enabled Notebook runs on launch.

TLDR: The notebook can only be autorun on startup if BOTH user config and app config permit it.

Alternative

You could prompt the user to "trust the notebook" the very first time they open it.

mscolnick commented 4 days ago

Thanks for the explanation. I'm not sure how this helps with security. Seems like the same amount of security as before. Users can just turn off autorun.

wasimsandhu commented 4 days ago

I agree, but I also think it should be turned off by default. It's not obvious to a first time user because it's hidden in Settings icon > User settings > Runtime. It would never be prompted if the user launched a notebook from the command line either.

For me, this seems similar to opening a file in vscode and watching it start to execute. Maybe it's just me?

mscolnick commented 4 days ago

Yea I agree, and something we'd like to solve. That seems sperate so maybe you could open in another issue?

I think there are two issues here. But to keep the conversation aligned, I think it's better to split this issue up as there seems to be multiple requests.