500 server error with MG3

[jen]

Hi,

I'm getting

"Security: The requested template has been denied access to \ModelGlue
\gesture\configuration\ModelGlueConfiguration.xml. The following is
the internal exception message: access denied (java.io.FilePermission
\ModelGlue\gesture\configuration\ModelGlueConfiguration.xml read)

The error occurred in D:\Inetpub\DomainID192060\ModelGlue\gesture
\loading\ColdSpringBootstrapper.cfc: line 39"

with MG3. MG2 works just fine. Anybody seen this before?

[jen]

Here's the full error:

Security: The requested template has been denied access to \ModelGlue
\gesture\configuration\ModelGlueConfiguration.xml.
The following is the internal exception message: access denied
(java.io.FilePermission \ModelGlue\gesture\configuration
\ModelGlueConfiguration.xml read)

The error occurred in D:\Inetpub\DomainID19\ModelGlue\gesture\loading
\ColdSpringBootstrapper.cfc: line 38
Called from D:\Inetpub\DomainID19\ModelGlue\gesture\loading
\ColdSpringBootstrapper.cfc: line 86
Called from D:\Inetpub\DomainID19\ModelGlue\gesture\loading
\ColdSpringBootstrapper.cfc: line 95
Called from D:\Inetpub\DomainID19\ModelGlue\gesture\ModelGlue.cfm:
line 47
Called from D:\Inetpub\DomainID19\ModelGlue\unity\ModelGlue.cfm: line
2
Called from D:\Inetpub\DomainID19\contacts\index.cfm: line 72

36 : <!--- For now, we still have to load the core. --->
37 : <cfset csPath = this.coreColdSpringPath />
38 : <cfif not fileExists(csPath)>
39 : <!--- Let's try to expand the path and see if that helps. --->
40 : <cfset csPath = expandPath(this.coreColdSpringPath) />

[Dan Wilson]

Somehow it looks like the file modelglueconfiguration.xml can't be
read from the file system.

MG2 had a similar process, reading it's own configuration from the filesystem.

I've had file system permission issues before by using a different ftp
user, than the user of the webserver. Though that was on Unix, which
is a little more particular on file permissions.

It looks like you are on windows and on shared hosting. Does your host
block certain operations (like cffile, or createobject, etc)?


Dan

--
“Come to the edge, he said. They said: We are afraid. Come to the
edge, he said. They came. He pushed them and they flew.”

Guillaume Apollinaire quotes

[jen]

Blocked tags was the first thing I looked into. They block very little
(cfexecute, cfregistry, and cfschedule only). I checked the IIS
permissions as well and did not see anything amiss.

And, yes, it's shared on IIS.

MG2 works just fine. As soon as I go the MG3, I get the error.

On Aug 7, 8:39 am, Dan Wilson <sipac...@gmail.com> wrote:
> Somehow it looks like the file modelglueconfiguration.xml can't be
> read from the file system.
>
> MG2 had a similar process, reading it's own configuration from the filesystem.
>
> I've had file system permission issues before by using a different ftp
> user, than the user of the webserver. Though that was on Unix, which
> is a little more particular on file permissions.
>
> It looks like you are on windows and on shared hosting. Does your host
> block certain operations (like cffile, or createobject, etc)?
>
> Dan
>

[Dan Wilson]

Maybe the path isn't what we think it is?

Where exactly does \ModelGlue\gesture\configuration\ModelGlueConfiguration.xml exist on your system?

DW

[jen]

In the root. No mappings.

I installed MG2 in the same fashion and it works like a charm.

When I update to MG3, I get the error.

I wiped all off my root (this is not my main site) and started over
clean with MG3 and still got the error.

[Dan Wilson]

Let's put a dump and see what could be going on inside ModelGlue, shall we? 

Just before this line: (line 38) <cfif not fileExists(csPath)> inside 

D:\Inetpub\DomainID19\ModelGlue\gesture\loading

\ColdSpringBootstrapper.cfc:

Dump out the this scope.

<cfdump var="#this#">

and report back what you find.

[jen]

<cfdump var="#this#"> returns:

java method security exception.
A security exception occurred while invoking java method on a
"java.lang.Class" object. MethodName is getName. Possible cause:
createobject function and cfobject tag are disabled in the security
sandbox or you are trying to create a class in the coldfusion package
and that is disabled.

I can dump individual vars though. For example:

<cfdump var="#this.coreColdSpringPath#">

works and returns

/ModelGlue/gesture/configuration/ModelGlueConfiguration.xml

BTW, this is CF9.

[Dan Wilson]

Jen,

I'm not sure what to say. Obviously there is some sort of sandboxing going on. ModelGlue will need to read files from it's own directory in order to set itself up and run properly. I could be wrong about it being an issue with the host, but I've tested MG on CF9 without issue. (apart from the trace issue, which was fixed and checked in a month ago).

So at this point, I'm at a loss for how to help over email. I would like to know the outcome of this issue, however, because many many people are on shared hosting and if there is some way we can design ModelGlue to work better on shared hosts, I'm all for it.

One thing you could try, just to check out this sandbox, is to set up a test.cfm page in your application directory and try to read the ModelGlueConfiguration.xml file using standard CFFile tags/functions and see if that trips the file permissions...

Please report back if you find something.

DW

[jen]

OK, I put:

<cffile action="read" file="D:\Inetpub\DomainID19\ModelGlue\gesture
\configuration\ModelGlueConfiguration.xml" variable="contents">

<cfoutput>#contents#</cfoutput>

and got

/ModelGlue/gesture/modules/internal/initialization/config/
initialization.xml /ModelGlue/gesture/modules/orm/config/
ModelGlue.xml /ModelGlue/gesture/modules/internal/population/
config/population.xml /ModelGlue/gesture/modules/internal/generation/
config/generation.xml /ModelGlue/gesture/modules/internal/
configuration/config/configuration.xml /ModelGlue/gesture/
modules/internal/invocation/config/
invocation.xml
ModelGlue.gesture.module.XMLModuleLoader false
ModelGlue.gesture.eventhandler.EventHandler 10
60 ModelGlue.gesture.modules.scaffold.beans.Commit
true false ModelGlue.gesture.modules.scaffold.beans.Delete
true false ModelGlue.gesture.modules.scaffold.beans.Edit true
true Form. .cfm ModelGlue.gesture.modules.scaffold.beans.List
true true List. .cfm
ModelGlue.gesture.modules.scaffold.beans.View true true
Display. .cfm

I put in a ticket with the host...
Link to this test:

http://209.200.68.167/fileread.cfm

[jen]

I put:

<cffile action="read" file="D:\Inetpub\DomainID192060\ModelGlue\gesture

\configuration\ModelGlueConfiguration.xml" variable="contents">

<cfoutput>#contents#</cfoutput>

and got:

/ModelGlue/gesture/modules/internal/initialization/config/
initialization.xml /ModelGlue/gesture/modules/orm/config/
ModelGlue.xml /ModelGlue/gesture/modules/internal/population/
config/population.xml /ModelGlue/gesture/modules/internal/generation/
config/generation.xml /ModelGlue/gesture/modules/internal/
configuration/config/configuration.xml /ModelGlue/gesture/
modules/internal/invocation/config/
invocation.xml
ModelGlue.gesture.module.XMLModuleLoader false
ModelGlue.gesture.eventhandler.EventHandler 10
60 ModelGlue.gesture.modules.scaffold.beans.Commit
true false ModelGlue.gesture.modules.scaffold.beans.Delete
true false ModelGlue.gesture.modules.scaffold.beans.Edit true
true Form. .cfm ModelGlue.gesture.modules.scaffold.beans.List
true true List. .cfm
ModelGlue.gesture.modules.scaffold.beans.View true true
Display. .cfm

I also put in a ticket with the host.

[jen]

Sorry about the double post....

[Dan Wilson]

I will be happy to talk/work with the host to figure out the issue. Contact me off list for my cell if you end up needing it.

DW

[Rich]

Jen-

Can I ask who your host is? If you care not to divulge to the whole
group feel free to email me directly ri...@cfsnap.com
I'm curious because I went through a few shared hosts dating back
almost 3 years ago now when I rewrote an app in Mach-II and the JRun
(sorry, it was actually JRocket I think) server simply bogged down and
I could never get the app to even initialize and load. Hence, I'm now
on a VPS, ModelGlue and loving life, for a few more bucks per month.
The shared hosting just never worked for me....

Just curious,

Rich

Rich

Rich Leach
Advanced Certified Adobe ColdFusion Developer
ri...@cfsnap.com
http://www.cfsnap.com
303-913-7338
Instant Messenger:
AOL AIM: cfsnaprich
Instant Video Conference:
APPLE MobileMe: rich...@me.com

[jen]

Actually, I don't mind revealing the host because they have been great
as far as doing everything they can to resolve this. They are looking
into it now.

It's CrystalTech.

On Aug 7, 11:21 am, Rich <r...@cfsnap.com> wrote:
> Jen-
>
> Can I ask who your host is? If you care not to divulge to the whole  

> group feel free to email me directly r...@cfsnap.com

> r...@cfsnap.comhttp://www.cfsnap.com

> 303-913-7338
> Instant Messenger:
> AOL AIM: cfsnaprich
> Instant Video Conference:

> APPLE MobileMe: richle...@me.com

[Rich]

Thanks Jen. I constantly have folks asking me about hosting so anytime
I find someone happy and satisfied I will literally pass it on and
hopefully keep the good folks in business.

If they come back scratching their heads ask them about their JVM
settings, notoriously problematic for us CF'ers running frameworks in
a shared environment....

Thanks again and good luck,

Rich

ri...@cfsnap.com

http://www.cfsnap.com
303-913-7338
Instant Messenger:
AOL AIM: cfsnaprich
Instant Video Conference:

APPLE MobileMe: rich...@me.com

[jen]

OK, I'm lost of this issue...here's the summary.

I signed up for a free CF9 beta hosting account with CrystalTech.

http://forums.crystaltech.com/index.php/topic,34411.0/topicseen.html

The first thing I wanted to do was load up a MG3, create a small app
with it and move on to the ORM stuff in CF9.

I never got past MG3. Couldn't get it up and running.

I tried cleaning out everything I uploaded and uploading a fresh copy.
I tried fixing the issues one by one only to get stymied by something
different. Really I was digging through and changing the MG3 code way
too much. Seems that something outside of the MG3 code is amiss.

If anyone wants to sign up for the free account and load up MG3, maybe
you'll see what I'm seeing.

CrystalTech did some of the same things I did (with the exception of
taking down all my stuff) and got no where as well. They tried.

I asked the host about the JVM settings...waiting to hear back.

Thanks.

[jen]

Here's the latest from the host.

[quote] They have found that if they open the C: drive in the CF
sandbox it will work. Since that is a security problem we cant do that
so we need to determine where model glue is trying to write to on the
C drive. [/quote]

They are still working hard on solving the issue. Can any of you guys
shed some light on this? Sandbox security issue - sounds familiar -
like I have seen others with that problem...

[Dan Wilson]

If I recall, the original problem was triggered when model glue tried
to load it's configuration file. Modelglue was on the same seive as
the local application, wasn't it

[jen]

Well, I'm not ashamed to admit I don't know exactly what you mean -
but, the Coldspring files and ModelGlue files are all in the root with
the app. The app, of course, in its own folder.

Looks like:

ColdSpring/
ModelGlue/
contacts/

On Aug 11, 8:19 pm, Dan Wilson <sipac...@gmail.com> wrote:
> If I recall, the original problem was triggered when model glue tried
> to load it's configuration file. Modelglue was on the same seive as
> the local application, wasn't it
>

> On 8/11/09, jen <jennifer9...@gmail.com> wrote:
>
>
>
>

[Dan Wilson]

Ok, that is the directory structure I thought we were dealing with. 

So in that case, there should be no reason to load any config files or any such thing from the C drive, right?  Everything is off on another drive, and all on the same drive.

Thus, I don't think your host has really gotten to the bottom of the issue yet.

DW

[Brian Swartzfager]

I encountered the same error Jen did ("Security: The requested

template has been denied access to \ModelGlue

\gesture\configuration\ModelGlueConfiguration.xml.") when I uploaded
my fledgling MG3 app from my local box to the hosting environment at
my workplace (where sandbox security is implemented).

It certainly seems to be an issue with sandbox security, because MG3
ran perfectly fine on my local box until I implemented sandbox
security on my local box and threw the Apache virtual host where the
app lived into a sandbox: as soon as I did that, I got the same
security error on my local box.

The only explicit restrictions the sandbox put in place were what
files and directories could be accessed (all tags, all functions were
allowed), I did a LOT of playing around with the sandbox file/
directory permissions to see if I could make MG3 happy again. The
only way I could get MG3 to run under the sandbox was to give the
sandbox the "<<ALL FILES>>" permission (basically letting it access
any file on the machine, as if the sandbox wasn't at all in place), or
permission to "/Volumes/Macintosh HD" (the entire hard drive on my
MacBook Pro machine). I tried narrowing down the permission scope to
the the directories under "/Volumes/Macintosh HD", to no avail: it
wouldn't settle for anything less than the entire hard drive. Maybe
that's what Jen's hosting people observed, which would explain their
assertion about it needing the C: drive.

I tried the diagnostic step Dan suggested earlier in the thread
(adding a cfdump prior to line 38 of the ColdSpringBootstrapper.cfc),
and got the following error:

"The method getClass was not found in component /Users/Brian/Sites/
mgWork/htdocs/ModelGlue/gesture/loading/ColdSpringBootstrapper.cfc.
Ensure that the method is defined, and that it is spelled correctly.

The error occurred in E:\cf8_updates\cfusion\wwwroot\WEB-INF\cftags
\dump.cfm: line 1570"

...my machine is a Mac: there is no "E:" drive (unless CF creates a
virtual drive, which I doubt). Bizarre.

The question I have at this point is if anyone has successfully run
MG3 on their local machine within a CF sandbox, and if so under what
conditions? I don't think my local setup is all that unusual: OS X,
CF 8 using Apache with virtual hosts.

--Brian

[Chris Blackwell]

I've just tested this and i can reproduce the error.

Installed CF8.0.1 in developer mode using built in webserver

turn on Sandbox security and add sandox for <cf_root>\wwwroot, restart server

Place ModelGlue, Coldspring and the modelglueapptemplate in wwwroot

hit http://localhost:8500/modelglueapplicationtemplate/index.cfm and you get the described error

Error Occurred While Processing Request

Security: The requested template has been denied access to \ModelGlue\gesture\configuration\ModelGlueConfiguration.xml

Tested on Windows XP with CF 8,0,1,195765 and java 1.6.0_04  

I believe i have found the cause of this, and i'll post back when i can confirm and hopefully should have a patch

2009/9/17 Brian Swartzfager <bcsw...@gmail.com>

[Chris Blackwell]

Ok,

When ModelGlue loads it attempts to see if certain config files exist based on a relative path before calling expandpath() and trying again, for example fileExists("/ModelGlue/gesture/configuration/ModelGlueConfiguration.xml"). 

It would appear that on certain platforms with sandbox security enabled this will throw an error rather than returning false. The solution is to try/catch these attempts.

The culprits are ModelGlue/gesture/loading/ColdSpringBootstrapper.cfc and ModelGlue/gesture/module/XMLModuleLoader.cfc

I have attached patches for these files which should resolve the issue.

Cheers, Chris

[Dan Wilson]

Thanks Chris,

Lemme see if I can integrate and do integration testing before I have to head out this morning. I'll report back in a half hour.

DW

[Chris Blackwell]

Dan,

If I turn on cf debugging I now get a few access denied exceptions along with the usual coldspring property does not exist exceptions. I've attached them so you can see which filepath's its failing on.

I'm not sure what the expected behaviour of fileExists() is when trying to verify a file outside the sandbox, but my feeling is that a runtime exception would be the correct thing for CF to do. Otherwise you could use it to probe the structure of a server and find security exploits.  

Cheers, Chris

2009/9/18 Dan Wilson <sipa...@gmail.com>

[Dan Wilson]

Ok the original Try/Catch patch stuff is in SVN now and passes unit tests.

I'm not 100% sure how the exceptions will help someone profile the code, wouldn't debugging have too be on to get the messages? Or a nefarious individual would have to have access to the exception logs, which would mean they already have escalated privileges  sufficiently to retrieve that information?

I'm going to leave this in SVN the way it is now, (with the fixed sandbox thingy) and we'll talk further about how to maintain functionality and preserve security. We definitely want to pay attention to security and do all we can to ensure we do not leak information unnecessarily.

DW

[Brian Swartzfager]

I just finished testing the patches Chris made (using just the
standard ModelGlue, coldspring, and modelglueapplicationtemplate
folders).

--On my work hosting environment (CF 7, Solaris, Apache, sandboxed),
the patches worked flawlessly.

--On my local box (CF 8, OS X Leopard, Apache, sandboxed), I did get a
security error regarding access to ColdFusion's WEB-INF folder, but I
suspect that's an outlier related to how I set things up on my system
(and I was able to fix it simply by explicitly granting access to the
WEB-INF folder in the sandbox Files/Dir setting).

So from my personal perspective, the patches are awesome, Chris is
awesome (thank you!), and the day has been saved. :) Hopefully
they'll stand up to integration testing and such, and hopefully
they'll fix Jen's problem as well.

--Brian

[Dan Wilson]

Feel free to pull the latest from SVN and also try it. Chris and I are talking about the security implications and we'll see if/what we need to do to continue to ensure the highest security procedures are folowed.


DW

[Chris Blackwell]

Hi Dan,

I was referring to fileExists() being used to probe the filesystem, not the exceptions.  

The exception is not a security risk in itself because it neither confirms or denies the existence of the target file, only that the attempted location is innaccessible and as you say you would need debugging turned on.

I only attached the exceptions so you could see what i was seeing, in case your environment was unable to reproduce this issue.

[cfcoderphil]

Thanks! I have the same error when I upgrade one of my personal site
today (9/23/2009) and fixed it by adding the try/catch block on
"\ModelGlue\gesture\loading\ColdSpringBootstrapper.cfc" AND "\ModelGlue
\gesture\module\XMLModuleLoader.cfc" files.

Regards,

Eymard

>  ColdSpringBootstrapper.cfc.diff
> 2KViewDownload
>
>  XMLModuleLoader.cfc.diff
> 1KViewDownload

[Dan Wilson]

Eymard,

You might not want to leave your monkey patches in the Model-Glue framework. The updates mentioned in this thread are rolled into the SVN trunk. Please update your code from there and you'll not have compatibility issues in the future.

DW