feat(security): add plugin signature allowlisting and security hardening
Implement Phase 3 of Custom DNS Provider Plugin Support with comprehensive security controls for external plugin loading.

- Add CHARON_PLUGIN_SIGNATURES env var for SHA-256 signature allowlisting
- Support permissive (unset), strict ({}), and allowlist modes
- Add directory permission verification (reject world-writable)
- Configure container with non-root user and read-only plugin mount option
- Add 22+ security tests for permissions, signatures, and allowlist logic
- Create plugin-security.md operator documentation

Security controls:

- Signature verification with sha256: prefix requirement
- World-writable directory rejection
- Non-root container execution (charon user UID 1000)
- Read-only mount support for production deployments
- Documented TOCTOU mitigation with atomic deployment workflow
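To make the controls summarised in this commit message concrete, here is an added illustrative Go implementation (not Charon's own code) of the three CHARON_PLUGIN_SIGNATURES modes, the sha256: prefix requirement and the world-writable directory check. It assumes the allowlist form is a JSON object mapping plugin file name to "sha256:<hex>"; the names Policy, ParsePolicy, CheckDir and Verify belong to this example only.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"os"
)

// Policy mirrors the three CHARON_PLUGIN_SIGNATURES modes named in the commit:
// unset/empty = permissive, "{}" = strict (nothing loads), otherwise an allowlist.
// The JSON shape {"<plugin file>": "sha256:<hex>"} is an assumption of this example.
type Policy struct {
	Permissive bool
	Allowed    map[string]string
}
// ParsePolicy reads the env var value and enforces the sha256: prefix requirement.
func ParsePolicy(env string) (Policy, error) {
	if env == "" { return Policy{Permissive: true}, nil } // unset: any plugin loads
	m := map[string]string{}
	if err := json.Unmarshal([]byte(env), &m); err != nil {
		return Policy{}, fmt.Errorf("CHARON_PLUGIN_SIGNATURES: %w", err)
	}
	for name, sig := range m { // "{}" leaves the map empty: strict mode
		if len(sig) != 71 || sig[:7] != "sha256:" {
			return Policy{}, fmt.Errorf("%s: expected sha256:<64 hex chars>", name)
		}
	}
	return Policy{Allowed: m}, nil
}
// CheckDir rejects a world-writable plugin directory: anyone could swap a plugin there.
func CheckDir(dir string) error {
	info, err := os.Stat(dir)
	if err == nil && info.Mode().Perm()&0o002 != 0 {
		return fmt.Errorf("%s is world-writable", dir)
	}
	return err
}
// Verify hashes the plugin bytes and applies the policy for that file name.
func Verify(p Policy, name string, content []byte) error {
	if p.Permissive { return nil }
	sum := sha256.Sum256(content)
	got := "sha256:" + hex.EncodeToString(sum[:])
	if want, ok := p.Allowed[name]; !ok || want != got {
		return fmt.Errorf("%s: not allowlisted with hash %s", name, got)
	}
	return nil
}
```

Hash the plugin file once and verify the bytes you actually load, since hashing and loading from the directory separately is the TOCTOU window the commit message's atomic deployment workflow exists to close.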
@@ -424,6 +424,7 @@ When reporting plugin issues, include:
## See Also
- [Plugin Security Guide](./plugin-security.md)
- [Plugin Development Guide](../development/plugin-development.md)
- [DNS Provider Configuration](./dns-providers.md)
- [Security Best Practices](../../SECURITY.md)
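Review bot: the hunk header (-424,6 +424,7) records exactly one added line, and the only See Also entry matching this commit's "Create plugin-security.md" is `- [Plugin Security Guide](./plugin-security.md)`, so that relative link must resolve from this file's own directory; please confirm the new document is created alongside it, and consider also linking the guide from the reporting section the hunk's context names ("When reporting plugin issues, include:"), since an operator troubleshooting a rejected plugin will look there before the See Also list.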