• Registered: 2010-04-11
  • Posts: 17

Topic: dmenu-bind and TPE

Hi,

I'd like to propose a change to the way that dmenu is currently configured.

I regularly run kernels with TPE (trusted path execution) or with noexec /home partitions, and as a result, having dmenu's launcher (dmenu-bind.sh) located in ~/.config/dmenu means that the handy Alt-F3 combo that I know and love does not work.  Moving it to /usr/local/bin/dmenu-bind (or some other, similar path) along with changing openbox's rc.xml to reflect the new path would allow for the default CB install to work even on systems with kernels that enforce TPE (or noexec /home partitions).

Thoughts?

Thanks,
Rob

rob@kestrel:~$ uname -a
Linux kestrel 2.6.38.6-rthink-grsec #1 SMP PREEMPT Thu May 12 11:19:37 EDT 2011 x86_64 GNU/Linux
  • Registered: 2010-04-11
  • Posts: 17

Re: dmenu-bind and TPE

To amend the above:

Simply moving the script to /usr/local/bin may not be sufficient, depending on the TPE implementation.  With grsecurity, for example, execution of the dmenu-bind script will still be denied, as /usr/local/bin is owned by root:staff, and is group-writable.  Moving the script will, however, solve the problem of systems that do not allow execution of binaries/scripts in /home.

Cheers,
Rob

rob@kestrel:~$ uname -a
Linux kestrel 2.6.38.6-rthink-grsec #1 SMP PREEMPT Thu May 12 11:19:37 EDT 2011 x86_64 GNU/Linux