Comment on global shortcuts security

Kristian Høgsberg hoegsberg at
Tue Sep 25 08:15:46 PDT 2012

On Mon, Sep 24, 2012 at 04:53:20PM -0700, Bill Spitzak wrote:
> Keystrokes should be sent to the application first. Only if the
> application refuses them should they be considered global shortcuts.



> I think this will fix most of the security problems you raise. It
> also means there can be simpler shortcuts, currenlty global
> shortcuts require the holding down of an excessive number of shift
> keys to avoid conflicts with any possible shortcut in a program.
> Piotr Rak wrote:
> >Hi,
> >
> >Although I am not security expert, I'd like to share my input into
> >this topic, so putting on my black hat...
> >
> >It is probably not great discovery, but I believe that minimal
> >requirement for given combination of keys, to be allowed as global
> >shortcut is that is not printable and not whitespace given currently
> >selected keyboard layout. Such combination should never be delivered
> >to application, that doesn't have active keyboard focus.
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at

More information about the wayland-devel mailing list