Why is your banking app entering a secret to your keyring? That would be like writing your safe code in a paper and let it hang onto a physical keyring.
The problem isn't what's on the keyring, the (reported) problem is that it can be arbitrarily inspected in full by any program. Doors should not be able to enumerate and copy all the keys that aren't meant for them.
> Why is your banking app entering a secret to your keyring?
What is any "keyring" for if not to carry things you keep secret and exclusive?
The problem here is leakage between purposes. I don't care if the banking app is just storing my logon name for convenience, even that should never be scrapeable by Linux BonziBuddy. [0]
> That would be like writing your safe code in a paper and let it hang onto a physical keyring.
Why even put any regular keys onto such a horribly flawed keyring either? There's no real difference between (A) seeing combination-lock numbers versus (B) seeing the shape of a key that is trivial to reconstruct. [1]
Unix already have a security model for this: User and Groups. You could create a new user called `banking`. And used that exclusively for any banking activities. Especially with the X11 model where you just have to type `startx` and not have to launch a bazillion software to keep a DE happy.
Have you actually tried that approach, with an individual user for all your programs?
In fact, I was attempting that kind of thing just this week, namely trying to run Spotify (distributed as a snap) as separate user in a visible window. Maybe it's possible, but it's certainly not trivial or turnkey.
