Comment on global shortcuts security
spitzak at gmail.com
Mon Sep 24 16:53:20 PDT 2012
Keystrokes should be sent to the application first. Only if the
application refuses them should they be considered global shortcuts.
I think this will fix most of the security problems you raise. It also
means there can be simpler shortcuts, currenlty global shortcuts require
the holding down of an excessive number of shift keys to avoid conflicts
with any possible shortcut in a program.
Piotr Rak wrote:
> Although I am not security expert, I'd like to share my input into
> this topic, so putting on my black hat...
> It is probably not great discovery, but I believe that minimal
> requirement for given combination of keys, to be allowed as global
> shortcut is that is not printable and not whitespace given currently
> selected keyboard layout. Such combination should never be delivered
> to application, that doesn't have active keyboard focus.
More information about the wayland-devel