-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/07/2014 16:04, Dodier-Lazaro, Steve wrote:
> Hi Michael,
>
>> Is there any reason global shortcuts should lie with an
>> application? Wouldn't it make more sense to provide an interface
>> on the compositor side, where clients can register a global
>> shortcut and the compositor sends an event back in case of the
>> shortcut being pressed.
>>
>> In that case the compositor could follow predefined rules
>> switching focus etc.
>
> The problem is: what are the allowed global shortcuts leaking about
> users?
>
> If it's any key that can be listened to, then we've just gotten
> ourselves an API for implementing keyloggers.
>
> If it's any key + some modifier (Ctrl, Alt, etc) then we need to
> see DE by DE what listening to all available key combinations lets
> me learn about the user:
I did not mean it in the way of a client listening to keys, but to events sent from the compositor. In no way should an application be allowed to listen to certain key combinations without focus.

I thought more about a compositor plugin an application can register to (authenticated through the user), and only if the user allowed the application to receive a special shortcut, then the compositor sends an *event* to the application if that and only that shortcut was used.

So the compositor acts as a middleman, denying some rogue application the ability to listen to ctrl+c.

Best wishes

>
> - Can I listen to Alt+Tab or to the shortcut used to maximise
> windows? If so can I learn the window layout of the user (or at
> least whether a window is being displayed or not)? For instance
> Martin proposed to use an "Expose" like view of the desktop as a
> background for modal authentication dialogs, so that the user knows
> it's a compositor (that is capable of moving windows around) that
> is asking for your password. If I know that no windows are being
> displayed because the user hasn't Alt+Tab'd for a while and just
> Alt+F4'd then I can spoof that UI directly and steal your
> password.
>
> - Can I learn if you're playing music? If you're browsing the Web?
> If you're typing some document? Is that information alone useful to
> profile your activities?
>
> - Can listening to Ctrl+C allow me to know when you're using the
> clipboard despite it being a privileged interface? If I'm sniffing
> your network traffic I may know that you've just landed on a site's
> authentication page, and you're using the clipboard. You're
> probably one of those users who have a password file that they use
> to copy credentials from. I may now serve you an exploit on the
> clipboard API or an exploit allowing me to scan your FS as I know
> there's something that can be monetized.
>
> Generally speaking, there'll always be someone smarter and more
> motivated than us to figure out how to build composite attacks from
> seemingly innocuous APIs. So I'd rather lock down what is not
> strictly necessary. How many apps need global shortcuts other than
> the ones that have a semantic attached to them? How are the GUIs
> for handling custom global shortcuts and Preferred handlers for
> those semantic keys not enough?
>
> If we can cater for all common needs without exposing all your
> keyboard shortcuts to potential malware, then we've done a great
> job.
>
> Regards,
> --
> Steve Dodier-Lazaro
> PhD student in Information Security
> University College London
> Dept. of Computer Science
> Malet Place Engineering, 6.07
> Gower Street, London WC1E 6BT
> OpenPGP : 1B6B1670
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTtsEtAAoJECfkpCAi2eFKzFcIAKkKdUIAlbZ9MK7bjxsLllob
EpsJgoS35PlcOvSPQj7Qnvzcx+B059pt9OAhknt8TID28l/M6S8pdGrKwAJ66mo8
g2bHkiVYckR1viJ5EAv5ECyYNdF8hdmiWOQmGN0sJgtBcUhkqXK8drF1EwSevrtm
faD/8srG8YYIj6Ke2X7O7FldosIv/Rc/V+V2fMEAJ3yx8O5QUDOUTgcy1cnDF4XE
rKHAkqiOJhhstcxInGYSDR1/DxNY3nY4QXU8odUbWmJs1hdjL5LC7T6pRmi9oVFI
ciekFyVOiNuAOhxhSBIQzKOfeFxKoMtN/ZVEsxmSHuT7NAGMqO5vCSC3aTj4MVw=
=QvR2
-----END PGP SIGNATURE-----
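The reply above describes the compositor as a middleman: a client registers one exact shortcut, the user has to approve it, and the compositor delivers an event for that chord only, so no client ever sees raw key input. The following is an added model of that policy, written for this page; it is not Wayland protocol code and not code from anyone in the thread. The service class, client names, the user-prompt callback, and every reserved chord other than Ctrl+C (which the reply names) are assumptions constructed for illustration.

```python
"""Model of a compositor-mediated global-shortcut service (added example).

Clients never receive key input.  They ask for one chord, the compositor
applies policy, the user is asked, and only the granted chord is ever
delivered, and only to its owner.  Names and the reserved list are
assumptions for this example, not Wayland protocol objects.
"""
from typing import Callable, Dict, FrozenSet, List, Optional

Chord = FrozenSet[str]  # a chord is an unordered set of key names
MODIFIERS = {"Ctrl", "Alt", "Shift", "Super"}


def chord(*keys: str) -> Chord:
    return frozenset(keys)


# Chords the compositor never hands out, whoever asks.  Ctrl+C comes from
# the reply above; the remaining entries are constructed for this example.
RESERVED = {chord("Ctrl", "c"), chord("Ctrl", "v"),
            chord("Alt", "Tab"), chord("Alt", "F4")}


class GlobalShortcutService:
    """Compositor-side middleman between raw key input and clients."""

    def __init__(self, ask_user: Callable[[str, Chord], bool]):
        self._ask_user = ask_user            # stands in for the consent prompt
        self._grants: Dict[Chord, str] = {}  # chord -> owning client
        self._inbox: Dict[str, List[Chord]] = {}
        self.prompts = 0                     # how often the user was asked

    def register(self, client: str, keys: Chord) -> bool:
        # Policy is checked first so reserved or malformed requests never
        # reach the user at all.
        if not (keys & MODIFIERS) or len(keys - MODIFIERS) != 1:
            return False                     # needs modifier(s) + exactly one key
        if keys in RESERVED or keys in self._grants:
            return False                     # reserved, or already owned
        self.prompts += 1
        if not self._ask_user(client, keys):
            return False                     # user said no
        self._grants[keys] = client
        return True

    def key_event(self, pressed: Chord) -> Optional[str]:
        """Input path: a granted chord goes to its owner, everything else
        stays private.  Returns the notified client, or None."""
        owner = self._grants.get(pressed)
        if owner is not None:
            self._inbox.setdefault(owner, []).append(pressed)
        return owner

    def events_for(self, client: str) -> List[Chord]:
        return list(self._inbox.get(client, []))


def demo() -> dict:
    # Constructed user decisions: the media player is allowed its chord,
    # the "notes" client is refused whatever it asks for.
    decisions = {"player": True, "notes": False}
    svc = GlobalShortcutService(lambda client, keys: decisions.get(client, False))

    results = {
        "player_ok": svc.register("player", chord("Ctrl", "Alt", "p")),
        "notes_denied": svc.register("notes", chord("Ctrl", "Alt", "n")),
        "ctrl_c_refused": svc.register("notes", chord("Ctrl", "c")),
        "bare_key_refused": svc.register("notes", chord("x")),
        "duplicate_refused": svc.register("notes", chord("Ctrl", "Alt", "p")),
    }
    # Constructed input stream: typing, a copy, a denied chord, the granted one.
    stream = [chord("h"), chord("i"), chord("Ctrl", "c"),
              chord("Ctrl", "Alt", "n"), chord("Ctrl", "Alt", "p")]
    results["notified"] = [svc.key_event(k) for k in stream]
    results["player_inbox"] = svc.events_for("player")
    results["notes_inbox"] = svc.events_for("notes")
    results["prompts"] = svc.prompts
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the model is where the checks sit: the reserved list and the one-key-plus-modifier rule are enforced before the consent prompt, so a request for Ctrl+C is refused without the user ever being asked, and the input path consults only the grant table, so ordinary typing and denied chords produce no event for anyone.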
_______________________________________________
wayland-devel mailing list
wayland-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/wayland-devel