Global shortkeys and keyboard focus

Michael Schellenberger Costa schellenberger at inb.uni-luebeck.de
Fri Jul 4 06:19:08 PDT 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04.07.2014 12:53, Dodier-Lazaro, Steve wrote:
> Hi Fabrice,
> 
>> Hi all, This topic came up in my previous one about window
>> placement, and I'd like to go further. So currently there is no
>> such thing as Global shortkeys and keyboard focus, however let me
>> present a typical real use-case: [...]
>> 
>> Now, I've read some vague things about privileged clients, is it
>> still being considered ?
> 
> Note that most of the formalisation that occurred was done by
> Martin Peres from Nouveau (and to a lesser extent myself; I'm not a
> Wayland dev at all though).
> 
> We're hoping to have a number of PoC demos of privileged clients
> for XDC but are both really really busy with our research (both PhD
> students). It's not clear if we will have implemented stuff to
> demonstrate... If you want/need to work on global shortcuts in the
> next weeks I can make an effort to make our latest discussions and
> plans available in a concise form.
> 
>> Would it be some Android-like capabilities that the user
>> validates on installation or the first time they are required by
>> the application ? What are the plans for these 2 key features ?
> 
> We only discussed what the privileges are. Intercepting global
> shortcuts is a privilege so your app would need to either: - have a
> capability to register a global shortcut itself - be entitled by a
> trusted third party to using a specific global shortcut
> 

Is there any reason global shortcuts should lie with an application?
Wouldn't it make more sense to provide an interface on the compositor
side, where clients can register a global shortcut and the compositor
sends an event back in case of the shortcut being pressed.

In that case the compositor could follow predefined rules switching
focus etc.

Best wishes
Michael

> A capability should be granted to a package by a distributor, most
> likely. This means distros who care about security would setup a
> process to verify why app devs/packagers want a capability for
> their app (whilst allowing core projects such as DEs/distro apps to
> have privileges and be deployable right away).
> 
> The second point is a bit fuzzier, especially for global shortcuts.
> For some privileged interfaces once apps can be sandboxed on Linux,
> [and once I've written a decently secure UI embedding protocol *],
> they can be given widgets from a trusted third-party that the user
> can interact with to organically grant privileges. Apps should also
> have some nice APIs for opening and exporting resources in a secure
> way.
> 
> You can tell that it's hard to find out how to provide a global
> shortcut UI abstraction that is unambiguous to users, especially
> since I understand your app will be GUI-less. Xfce has a GUI for
> assigning global shortcuts to commands, and I believe other DEs do
> as well. This utility will typically be the one holding a 
> capability for intercepting any global shortcut.
> 
> Your app should normally not qualify for such a privilege, so make
> your event triggerable via a CLI call and get users to assign the
> shortcut to your app. If DEs are willing to grant you full global
> shortcut privileges without assessing who you are, what your app
> does and in what ways your app can be compromised, they will
> probably have security issues in the future.
> 
> Feel free to work with distrubotrs to sketch out a process for
> granting and revoking capabilities to third-party apps, etc. but I
> think this problem goes well beyond the scope of Wayland privileged
> interfaces!
> 
> PS: you were the person proposing to let apps know or adjust their
> position on the screen? This, typically, creates vulnerabilities
> and makes trusted UI embedding much harder if not compromised. If
> you have specific use-cases that need to be supported, please come
> discuss them with us (#wayland-security on Freenode or this ML, I
> guess) so we can think of secure ways to support your needs without
> compromising the separation between clients and trusted UIs.
> 
> Thanks,?? -- Steve Dodier-Lazaro PhD student in Information
> Security University College London Dept. of Computer Science Malet
> Place Engineering, 6.07 Gower Street, London WC1E 6BT OpenPGP :
> 1B6B1670?
> 
> 
> 
> 
> _______________________________________________ wayland-devel
> mailing list wayland-devel at lists.freedesktop.org 
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTtqnMAAoJECfkpCAi2eFKDHYH/il5ooHSHfwPHlElbOB3SbxI
isa5PZ16kBcf5heh9Sjdg/SCfkLHjt9eSECuF8AnqRi5F1ykG0U4bej53cDm13t+
WLFvYlWyxa2esgPk83kMA8PmPOmTWMshhuZrGwcgMl5BXxt/fu44GH77ULXl3GLI
6GxGN2E/BWwjrF7IANRfbob4DGeesK5w24U84GDrp3u1KBpnASbz1/yUj7q8KSYW
Pq5RgORUpLJ0nboV2551rgebbbttm3jFqQUgT53OLpEsb8P6MOb2K8+Z/IauE/hv
JPDaSYzPRixhne68nyptE4BjJHOd63Ac0iElIN8JdGtVTR3TAuNSYZRiGenWzXQ=
=JQ80
-----END PGP SIGNATURE-----

More information about the wayland-devel mailing list