Bill Spitzak spitzak at
Mon Sep 24 16:53:20 PDT 2012

Keystrokes should be sent to the application first. Only if the 
application refuses them should they be considered global shortcuts.

I think this will fix most of the security problems you raise. It also 
means there can be simpler shortcuts; currently global shortcuts require 
the holding down of an excessive number of shift keys to avoid conflicts 
with any possible shortcut in a program.

Piotr Rak wrote:
> Hi,
> Although I am not a security expert, I'd like to share my input into
> this topic, so putting on my black hat...
> It is probably not a great discovery, but I believe that the minimal
> requirement for a given combination of keys to be allowed as a global
> shortcut is that it is not printable and not whitespace given the currently
> selected keyboard layout. Such a combination should never be delivered
> to an application that doesn't have active keyboard focus.

