Global shortkeys and keyboard focus

Michael Schellenberger Costa schellenberger at inb.uni-luebeck.de
Fri Jul 4 07:58:54 PDT 2014


On 04/07/2014 16:04, Dodier-Lazaro, Steve wrote:
> Hi Michael,
> 
>> Is there any reason global shortcuts should lie with an
>> application? Wouldn't it make more sense to provide an interface
>> on the compositor side, where clients can register a global
>> shortcut and the compositor sends an event back in case of the
>> shortcut being pressed.
>> 
>> In that case the compositor could follow predefined rules
>> switching focus etc.
> 
> The problem is: what are the allowed global shortcuts leaking about
> users?
> 
> If it's any key that can be listened to, then we've just gotten
> ourselves an API for implementing keyloggers.
> 
> If it's any key + some modifier (Ctrl, Alt, etc) then we need to
> see DE by DE what listening to all available key combinations lets
> me learn about the user:

I did not mean it in the way of a client listening to keys, but to
events sent from the compositor. In no way should an application be
allowed to listen to certain key combinations without focus.

I thought more about a compositor plugin an application can register
to (authenticated through the user), and only if the user allowed the
application to receive a special shortcut, then the compositor sends
an *event* to the application if that and only that shortcut was used.
So the compositor acts as a middleman denying some rogue application
the ability to listen to ctrl+c.

Best wishes

> 
> - Can I listen to Alt+Tab or to the shortcut used to maximise
> windows? If so can I learn the window layout of the user (or at
> least whether a window is being displayed or not)? For instance
> Martin proposed to use an "Expose" like view of the desktop as a
> background for modal authentication dialogs, so that the user knows
> it's a compositor (that is capable of moving windows around) that
> is asking for your password. If I know that no windows are being
> displayed because the user hasn't Alt+Tab'd for a while and just
> Alt+F4'd then I can spoof that UI directly and steal your
> password.
> 
> - Can I learn if you're playing music? If you're browsing the Web?
> If you're typing some document? Is that information alone useful to
> profile your activities?
> 
> - Can listening to Ctrl+C allow me to know when you're using the
> clipboard despite it being a privileged interface? If I'm sniffing
> your network traffic I may know that you've just landed on a site's
> authentication page, and you're using the clipboard. You're
> probably one of those users who have a password file that they use
> to copy credentials from. I may now serve you an exploit on the
> clipboard API or an exploit allowing me to scan your FS as I know
> there's something that can be monetized.
> 
> Generally speaking, there'll always be someone smarter and more
> motivated than us to figure out how to build composite attacks from
> seemingly innocuous APIs. So I'd rather lock down what is not
> strictly necessary. How many apps need global shortcuts other than
> the ones that have a semantic attached to them? How are the GUIs
> for handling custom global shortcuts and Preferred handlers for
> those semantic keys not enough?
> 
> If we can cater for all common needs without exposing all your
> keyboard shortcuts to potential malware, then we've done a great
> job.
> 
> Regards,
> --
> Steve Dodier-Lazaro
> PhD student in Information Security
> University College London
> Dept. of Computer Science
> Malet Place Engineering, 6.07
> Gower Street, London WC1E 6BT
> OpenPGP : 1B6B1670
> 

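The compositor-side broker Michael sketches, modelled as an added example that is not part of the thread or of any compositor's code: clients only *request* a chord, the user (modelled here as an explicit approve() call the client cannot make for itself) grants it, and the compositor forwards an event only for that exact chord. Bare keys and a constructed list of reserved chords (the Ctrl+C / Alt+Tab / Alt+F4 cases Steve raises) are refused outright, so no raw key stream ever reaches a client.

```python
MODIFIERS = {"ctrl", "alt", "shift", "super"}
# Chords the compositor keeps for itself (constructed sample, drawn from the
# combinations discussed in the thread).
RESERVED = {frozenset({"ctrl", "c"}), frozenset({"alt", "tab"}),
            frozenset({"alt", "f4"})}


def chord(keys):
    """Normalise a key combination to an order-independent, case-folded set."""
    return frozenset(k.lower() for k in keys)


class ShortcutBroker:
    def __init__(self):
        self._pending = set()   # (client, chord) awaiting the user's decision
        self._granted = {}      # chord -> client that owns it
        self._inbox = {}        # client -> events actually delivered

    def request(self, client, keys):
        """Client asks for a chord; nothing is delivered until the user approves."""
        c = chord(keys)
        self._inbox.setdefault(client, [])
        if not (c & MODIFIERS) or not (c - MODIFIERS):
            return False        # a bare key (or modifiers only) would be a keylogger API
        if c in RESERVED or c in self._granted:
            return False        # compositor-owned or already taken by another client
        self._pending.add((client, c))
        return True

    def approve(self, client, keys):
        """User consent, exercised by the compositor UI, not by the client."""
        c = chord(keys)
        if (client, c) not in self._pending:
            return False
        self._pending.discard((client, c))
        self._granted[c] = client
        return True

    def deliver(self, pressed):
        """Compositor sees a key press; only an exact granted chord becomes an event."""
        c = chord(pressed)
        client = self._granted.get(c)
        if client is not None:
            self._inbox[client].append(("shortcut", tuple(sorted(c))))
        return client           # None: the press stays inside the compositor

    def events(self, client):
        return list(self._inbox.get(client, []))
```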