Idea #28372: Guest-session security enhancements
Rationale:
The "guest session" feature provides one "a convenient way, with a high level of security, to lend their computer to someone else." It also purges the session automatically, so that every guest session starts fresh and clean. However, the guest session is not completely isolated from the rest of the system: an external attacker might still achieve root access through privilege escalation via an exploit against a specific application, so the guest-session feature should provide enhanced security. Furthermore, while the owner may be careful about how they run their own system (browsing with NoScript-type extensions, not opening external files of dubious origin), the person they lend the system to might not be as careful, or might not have the same awareness of computing threats, and might therefore spend their time in activities that are somewhat dangerous to the health of the system. For example, they might, without being aware of the risks, open potentially malicious files (for example, untrusted media files) which, through ingenious crafting, could compromise the system beyond the boundaries of the temporary guest-session user.
Solution: Confine the guest session using proper software
The guest account should be confined from the rest of the system using proper software (such as AppArmor and SELinux), providing an extra layer of sandboxing. Such user-level sandboxing is only part of the picture: the existing application-level sandboxing has already proved its worth in helping to prevent system exploits. However, much more could be done, in the practical world we live in, to move further towards such prevention, even if only one step at a time.
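The confinement this idea calls for only helps if the guest's processes are actually running under an enforced policy. The following Python script is an added example, not code from the Brainstorm page or from Ubuntu's guest-session implementation: it reads the per-process confinement label the Linux kernel exposes in /proc/<pid>/attr/current and reports every process of the guest user that is unconfined or only in AppArmor complain mode (which logs but does not block). The guest uid (999), the process table and the profile paths are constructed sample values; read_live_procs() shows how to gather the same data on a running Linux system.

```python
"""Audit whether a guest user's processes are actually confined by an LSM.

Added example (not part of the Brainstorm idea). It inspects the
confinement label Linux exposes in /proc/<pid>/attr/current:
  AppArmor: "unconfined" or "<profile> (enforce|complain|kill|unconfined)"
  SELinux:  "user:role:type:level", unconfined when the type is unconfined_t
Every process of the guest UID that no enforced policy covers is reported.
"""
import os
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# AppArmor labels look like "/usr/bin/evince (enforce)".
APPARMOR_LABEL = re.compile(r"^(?P<profile>.+) \((?P<mode>[a-z]+)\)$")


@dataclass(frozen=True)
class Proc:
    pid: int
    uid: int       # uid owning the process
    comm: str      # short command name
    label: str     # contents of /proc/<pid>/attr/current


def classify_label(label: str) -> Tuple[str, bool]:
    """Return (lsm, enforcing) for a confinement label.

    `enforcing` is True only when an actually enforced policy applies: an
    AppArmor profile in enforce mode, or a SELinux type other than
    unconfined_t. Complain mode only logs, so it counts as not confined.
    """
    label = label.strip().rstrip("\x00")
    if label == "" or label == "unconfined":
        return ("apparmor", False)
    m = APPARMOR_LABEL.match(label)
    if m:
        return ("apparmor", m.group("mode") == "enforce")
    parts = label.split(":")
    if len(parts) >= 3:
        return ("selinux", parts[2] != "unconfined_t")
    return ("unknown", False)


def unconfined_guest_procs(procs: Iterable[Proc], guest_uid: int) -> List[Proc]:
    """Processes owned by guest_uid that no enforced policy covers."""
    return sorted(
        (p for p in procs if p.uid == guest_uid and not classify_label(p.label)[1]),
        key=lambda p: p.pid,
    )


def read_live_procs() -> List[Proc]:
    """Collect the same data from a running Linux system (best effort)."""
    procs = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            uid = os.stat(f"/proc/{pid}").st_uid
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
            with open(f"/proc/{pid}/attr/current") as f:
                label = f.read()
        except OSError:
            continue  # process exited or label not readable
        procs.append(Proc(pid, uid, comm, label))
    return procs


# Constructed sample (hypothetical uids and paths): a guest session under
# uid 999 where two processes escaped confinement, plus the owner's own
# shell (uid 1000). A real system shows labels of one LSM only; both
# kinds appear here just to exercise both parsers.
SAMPLE_PROCS = [
    Proc(4100, 999, "firefox", "/usr/lib/firefox/firefox (enforce)\n"),
    Proc(4101, 999, "totem", "/usr/bin/totem (complain)\n"),
    Proc(4102, 999, "bash", "unconfined\n"),
    Proc(4103, 999, "evince", "/usr/bin/evince (enforce)\n"),
    Proc(2200, 1000, "bash", "unconfined\n"),
    Proc(4104, 999, "gedit", "guest_u:guest_r:guest_t:s0\n"),
]
GUEST_UID = 999

if __name__ == "__main__":
    for p in unconfined_guest_procs(SAMPLE_PROCS, GUEST_UID):
        lsm, _ = classify_label(p.label)
        print(f"pid {p.pid} ({p.comm}) not enforced by {lsm}: {p.label.strip()}")
```

On the sample table the script flags pid 4101 (profile in complain mode) and pid 4102 (a plain unconfined shell); the owner's unconfined shell is ignored because it belongs to a different uid. Run against read_live_procs() with the real guest uid, an empty result is the condition a guest-session sandbox should satisfy.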