Are there any security risks with leaving guest account enabled?

Solution 1:

I'm not a security expert, but just browsing the web, I came up with this:

There are, however, some system directories, such as the Unix /tmp directory, that the guest account can write data to that may or may not be deleted at logout (or forced restart). The guest also has access to any installed applications, which could be used to perform malicious actions from your computer. If you must use the guest account, limit its access using Parental Controls. (MacWorld)

Following up on the /tmp directory vulnerability, I found this:

Almost every security professional known that /tmp is the first place that hacker will looking at to place their malicious software and scripts for further gaining root access. However, there several ways to protect system /tmp. In this article will show you a simple method making secure /tmp for Linux and Unix. (PatCup)

If you want some examples of how a malicious hacker could use the /tmp directory to their advantage, here you go:

It is a Unix tradition to use a directory called /tmp (or /var/tmp or even /dev/shm) to hold temporary files used by programs. This prevents a user's home directory from getting full of old useless files.

Since everyone may write files into the /tmp directory, naturally there are some security concerns. One feature of /tmp is that is has the text (or sticky) bit set, which means only the owner (or root) can delete or rename files in that directory. However if an evil hacker can predict your filenames, they can create that file first (a denial of service). They can also read your files, if created using a default umask value of 022. Even if you immediately change the permissions, there will be a window of opportunity to access the file (sometimes called a race condition). (http://content.hccfl.edu/pollock/ShScript/TempFile.htm)

Once again, I don't know much about security so some of the info from the quotes might be incorrect.

Most of that was going over the vulnerabilities of the /tmp directory, but in the first quote it's implied that there are other System directories that could potentially be accessed from the Guest account. However, unless you have top secret government information, I doubt that it's too much of a risk to enable the guest account.