> In fact, if you do not need a shared secrets service, and your applications are containerized... why do you need a secrets IPC at all? Just let each program store its secrets in some of its supposedly private storage...
If I store my secrets in KWallet, which purports to be _storage for secrets_, I absolutely do not expect every application on the desktop to have access to those secrets, whether I want to share them or not.
I can't believe you're suggesting this is sanely defensible.
KWallet has never provided any security guarantee, so I dunno what is your surprise here. Its entire premise is centralization and sharing (i.e. not having to type each individual password over and over in each program).
It's literally how it's always worked, and not just on Linux - this is standard across desktop operating systems. Except MacOS, and very recently
KWallet is for encryption at rest, so an attacker can't read your secrets if they steal your computer. It IS NOT protection from your own applications running as the same user.
That's just not how the Linux desktop works. It's a desktop operating system, it's not iOS. All apps running as your user have your user's permissions.
Is it an outdated security model? Yes, enter sandboxing and newer kernel features. If you're not doing that though then you won't get that.
Just run your shit in flatpak, problem solved. Or better yet, don't install malware and only download trusted open source software from trusted repositories.