Previously, Swift3 used client-facing HTTP headers to pass the S3 access
key, signature, and normalized request through the WSGI pipeline.
However, swauth did not validate that Swift3 actually set the headers;
as a result, an attacker who has captured a single valid request through
the S3 API may impersonate the user that issued the request indefinitely
through the Swift API.
Now, the S3 authentication information will be taken from a separate,
client-inaccessible namespace in the WSGI environment as defined in the
related change.
UpgradeImpact
This addresses a breaking API change in Swift3. No currently deployed
version of Swift3 will work with this. When upgrading swauth, operators
will need to upgrade Swift3 as well.
Change-Id: Ie5481a316397f46734e9dd0e77a8a87197ceec16
Related-Change: Ia3fbb4938f0daa8845cba4137a01cc43bc1a713c
2a84fe7c69