Are there any security risks with leaving guest account enabled?

macos guest-account

Solution 1:

I'm not a security expert, but just browsing the web, I came up with this:

There are, however, some system directories, such as the Unix /tmp directory, that the guest account can write data to that may or may not be deleted at logout (or forced restart). The guest also has access to any installed applications, which could be used to perform malicious actions from your computer. If you must use the guest account, limit its access using Parental Controls. (MacWorld)

Following up on the /tmp directory vulnerability, I found this:

Almost every security professional known that /tmp is the first place that hacker will looking at to place their malicious software and scripts for further gaining root access. However, there several ways to protect system /tmp. In this article will show you a simple method making secure /tmp for Linux and Unix. (PatCup)

If you want some examples of how a malicious hacker could use the /tmp directory to their advantage, here you go:

It is a Unix tradition to use a directory called /tmp (or /var/tmp or even /dev/shm) to hold temporary files used by programs. This prevents a user's home directory from getting full of old useless files.

Since everyone may write files into the /tmp directory, naturally there are some security concerns. One feature of /tmp is that is has the text (or sticky) bit set, which means only the owner (or root) can delete or rename files in that directory. However if an evil hacker can predict your filenames, they can create that file first (a denial of service). They can also read your files, if created using a default umask value of 022. Even if you immediately change the permissions, there will be a window of opportunity to access the file (sometimes called a race condition). (http://content.hccfl.edu/pollock/ShScript/TempFile.htm)

Once again, I don't know much about security so some of the info from the quotes might be incorrect.

Most of that was going over the vulnerabilities of the /tmp directory, but in the first quote it's implied that there are other System directories that could potentially be accessed from the Guest account. However, unless you have top secret government information, I doubt that it's too much of a risk to enable the guest account.

Related

How to make Apple TV play episodes consecutively?
What happens if you have more than 1 apple id associated with 1 account...?
Link Contacts between Facebook and iCloud
Mac Vector Image Tools
Dangers of limiting fan-speed
Is a classical music friendly "Composer List" view possible in iTunes 11?
iPad mobile safari printing
Siri location reminders problem
Siri reports my correct birthday, but then uses wrong date when asked how many days until my birthday
Does the iPad 3/4 charger use a standard C7/C8 interface?
iTunes 11 doesn't remember to show cloud purchases
Shared Internet apply /etc/hosts