Don't use a separate Project.toml #928

Open
dpsanders opened this issue May 20, 2020 · 7 comments

@dpsanders

I have been caught out several times by IJulia automatically using a Project.toml from the directory in which it is started.

I feel strongly that this is a gotcha -- it should use the same standard Project.toml as the standard Julia REPL, unless I explicitly say otherwise.

@twavv
Contributor

twavv commented May 20, 2020

I also pointed out on Slack a while ago that this has security implications as well (as @StefanKarpinski frequently points out, there is a reason that projects aren't activated by default).

@stevengj
Member

I'm fine with disabling this.

@fredrikekre
Member

See lengthy discussion in #820. Also #925.

Personally I am in favor of the current behavior.

@twavv
Contributor

twavv commented May 27, 2020

I'd like to elaborate on the security implications.

@StefanKarpinski wrote (in #820)

> This seems sensible since starting a notebook in a directory already implicitly works in that directory. The reason that julia itself doesn't do this by default is that merely starting julia in a directory is not a sufficiently strong signal from the user that they trust the content of that directory and want to let it control what code they run, but it seems like starting a notebook server in a given directory is probably a strong enough indication from the user that they want to do just that.

Essentially, Stefan is saying that starting a notebook server is a sufficiently strong signal from the user that they trust the content of that directory. That statement is subjective so I'm not going to argue that it's wrong (in probably 99% of cases, it is true that the user completely trusts the contents of the notebook).

However, that's not consistent with Jupyter's own security system, which essentially boils down to the question "Did the current user do this?". Simply opening a notebook is not meant to be license to execute arbitrary code. That is why HTML is sanitized and JavaScript is stripped out if that HTML/JS was produced by someone other than the current user. Yes, Jupyter is meant to allow execution of arbitrary code, but only the arbitrary code that the user explicitly runs.

Currently, simply opening a Notebook (e.g., to view what a colleague sent you) is capable of executing arbitrary code (using the "manifest poisoning" attack that is prevented by not using `--project=@.` by default).


I don't think adding

```julia
using Pkg
Pkg.activate(".")
```

to the top of a notebook is such a burden (that tends to be where all of the using ... statements are anyway). We're already miles ahead of Python here. Additionally, one usually has to instantiate the project anyway (all of my notebooks also include Pkg.instantiate() at the top).

@stevengj
Member

(Note that, even if this feature is disabled, you can install a custom IJulia kernel to use with a particular project.)

@goerz

goerz commented Oct 9, 2024

I'm not sure that I follow the security implications. @twavv Can you elaborate on the "manifest poisoning attack"?

As far as I can tell, simply running a Jupyter notebook server in a specific directory and opening a Julia notebook does not run any code. Running the notebook would, but the user still has to instantiate the project, in any case.

So I lack the imagination how IJulia picking up project environments automatically is a serious security concern. If the notebook contains

```julia
using Pkg
Pkg.activate(".")
```

at the top, does that change anything? Running the notebook without inspection still executes arbitrary code. And of course, in general, if I download untrusted code (notebooks) from somewhere and then run it, of course I'm exposing myself to security issues.

@twavv
Contributor

twavv commented Oct 23, 2024

I am no longer using Julia in my day-to-day life, so take this with a grain of salt, but opening a notebook can allow arbitrary code execution because the Manifest.toml can "redirect" IJulia to a malicious package. The notebook will load IJulia (the malicious version) as soon as it's opened without the user having to run any code blocks.

I remember creating a proof-of-concept for this at some point but it's been a while.
