This page centralizes how-to guides and discussions related to security for LTSP.
Access to the bootloader shell
The default LTSP configuration gives your users access to the iPXE shell, in the same way a grub shell can be reached in Ubuntu and other distributions. Access to the bootloader shell can be exploited to get root access on the LTSP client (using the systemd debug shell, for example). See Disable the iPXE shell below to remove access to the bootloader shell.
By default, LTSP uses SSHFS for the users' home directories. Be aware that this means all LTSP users have SSH access to the LTSP server. This is not a security vulnerability per se. However, a malevolent user could abuse the server's resources and/or attempt to gain root access via privilege escalation.
LTSP uses dnsmasq as its TFTP server. Although it is possible to use another TFTP server, dnsmasq has the advantage of protecting against TFTP uploads, because it only provides read-only access (see man dnsmasq). For example, tftpd-hpa allows a file on the TFTP server to be overwritten if it is world writable (-rw-rw-rw-). If you don't need the DNS and (proxy)DHCP capabilities of dnsmasq, see man ltsp dnsmasq.
Disable the iPXE shell
If you use the default LTSP iPXE menu, you can disable the iPXE shell by adding the following lines to the [server] section of ltsp.conf. They are POST_IPXE_* hooks, so they run after the ltsp ipxe command regenerates ltsp.ipxe, and each sed command deletes the menu entry bound to the c (configuration) or s (shell) key.
[server]
# Hooks run after "ltsp ipxe"; each removes one interactive menu entry from ltsp.ipxe
POST_IPXE_HIDE_CONFIG="sed '/--key c/d' -i /srv/tftp/ltsp/ltsp.ipxe"
POST_IPXE_HIDE_SHELL="sed '/--key s/d' -i /srv/tftp/ltsp/ltsp.ipxe"
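As an added check that is not part of LTSP or of this page's configuration, the POSIX shell helper below follows from the TFTP and iPXE points above: it audits a TFTP root for world-writable files (which a writable TFTP server such as tftpd-hpa would let clients overwrite) and verifies that the entries bound to the c and s keys are gone from ltsp.ipxe after the hooks above have run. The /srv/tftp layout and the function names are assumptions.

```shell
#!/bin/sh
# Added audit helper, not part of LTSP. The /srv/tftp and ltsp/ltsp.ipxe
# layout is an assumption taken from the snippet above; adjust for your server.

# Returns 0 if no regular file under the TFTP root is world-writable, 1 otherwise.
# Only matters with upload-capable servers like tftpd-hpa; dnsmasq is read-only.
check_world_writable() {
    root="$1"
    bad=$(find "$root" -type f -perm -002 2>/dev/null)
    if [ -n "$bad" ]; then
        printf 'world-writable files under %s (a writable TFTP server would let clients overwrite them):\n%s\n' "$root" "$bad"
        return 1
    fi
    return 0
}

# Returns 0 if the iPXE menu no longer carries the entries bound to the c and s
# keys that the POST_IPXE_HIDE_* sed commands above delete, 1 otherwise.
check_ipxe_menu() {
    menu="$1"
    [ -r "$menu" ] || { printf 'missing or unreadable menu: %s\n' "$menu"; return 1; }
    if grep -Eq -- '--key (c|s)( |$)' "$menu"; then
        printf 'interactive entries still present in %s:\n' "$menu"
        grep -E -- '--key (c|s)( |$)' "$menu"
        return 1
    fi
    return 0
}

# Runs both checks; exit status is 0 only when both pass.
audit_tftp_root() {
    root="$1"
    rc=0
    check_world_writable "$root" || rc=1
    check_ipxe_menu "$root/ltsp/ltsp.ipxe" || rc=1
    return "$rc"
}

# Stand-alone use: sh tftp_audit.sh /srv/tftp
if [ "$#" -gt 0 ]; then
    audit_tftp_root "$1"
fi
```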