tracker issue : CF-4206898

Title:

Intermittent issues with random templates, appears related to Sandbox Security

Status/Resolution/Reason: Closed/Withdrawn/Duplicate

Reporter/Name(from Bugbase): Ken W. / ()

Created: 01/27/2020

Components: Security, Sandbox

Versions: 2018

Failure Type: Crash

Found In Build/Fixed In Build: Multiple builds /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Win 2016

Vote Count: 0

We've been experiencing intermittent but very similar errors since right after applying Update 5/Update 12 to each of our servers. When the problem arises, the application is unusable to anyone. Initially we were restarting each instance experiencing the problem. Further investigation showed simply making a change to the root Application.cfc (as simple as an empty cf comment) would force a recompile and the problem would clear. Later realized just flushing template cache was much easier. However, when the problem is present, CF Admin is often inaccessible so an admin api call was required to flush template cache. The problem usually appears with the root index.cfm template but is sometimes seen at lower levels in an app.

Reviewing exception logs suggested a common problem with SecurityManager. In order to get some relief over the recent holidays we set template cache count to zero to reduce errors and force compile on every page request. Ultimately have had to turn off Security Sandboxing entirely across all servers. Have not seen the problem at all since turning off Security Sandboxing.

Example exception logs/stacktraces for each server are attached.

We are not able to replicate the problem at will. However, turning on Security Sandboxing causes the problem to return within a short timeframe.

Happy to discuss the issue further if helpful. Any suggestions welcome since leaving Sandboxing off is not acceptable.

Attachments:

Comments:

On 1/17/2020 I enabled Sandbox Security on my local development install (MacOS Catalina). No sandboxes were defined, just turned it on, restarted the server and went about my business. On 1/27/2020 I tried to enter CF Admin and received a blank white screen just as we have seen on our production servers anytime this issue arises. No apps being used locally reflected the problem at the time. Restarting the server resolved the problem. Exception log reflects the same looping condition, spiralling death that we see with these errors in production:

    at java.base/java.security.AccessController.checkPermission(AccessController.java:895)
    at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
    at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1066)
    at java.base/java.lang.System.getProperty(System.java:810)
    at coldfusion.util.SoftCache.get_statsOff(SoftCache.java:143)
    at coldfusion.util.SoftCache.get(SoftCache.java:81)
    at coldfusion.util.Utils.getCanonicalFile(Utils.java:357)
    at coldfusion.security.BasicPolicy.getPermissionCollection(BasicPolicy.java:149)
    at coldfusion.security.BasicPolicy.getPermissions(BasicPolicy.java:109)
    at java.base/java.security.Policy.getPermissions(Policy.java:684)
    at java.base/java.security.Policy.implies(Policy.java:737)
    at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321)
    at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353)
    at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450)
Comment by Ken W.
31974 | January 28, 2020 04:35:33 PM GMT
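
A log-triage sketch for the stack trace quoted in the comment above, added here as an example and not part of the original report or of ColdFusion's code: it flags a permission check that is issued while `Policy.implies` is still on the stack, which is the re-entry the trace shows. The function and constant names are hypothetical; the sample input is the trace from the comment.

```python
import re

# One pass of the loop, copied from the stack trace quoted in the comment.
TRACE = """\
at java.base/java.security.AccessController.checkPermission(AccessController.java:895)
at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
at java.base/java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1066)
at java.base/java.lang.System.getProperty(System.java:810)
at coldfusion.util.SoftCache.get_statsOff(SoftCache.java:143)
at coldfusion.util.SoftCache.get(SoftCache.java:81)
at coldfusion.util.Utils.getCanonicalFile(Utils.java:357)
at coldfusion.security.BasicPolicy.getPermissionCollection(BasicPolicy.java:149)
at coldfusion.security.BasicPolicy.getPermissions(BasicPolicy.java:109)
at java.base/java.security.Policy.getPermissions(Policy.java:684)
at java.base/java.security.Policy.implies(Policy.java:737)
at java.base/java.security.ProtectionDomain.implies(ProtectionDomain.java:321)
at java.base/java.security.ProtectionDomain.impliesWithAltFilePerm(ProtectionDomain.java:353)
at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:450)
"""

JDK = ("java.", "javax.", "sun.", "jdk.")
FRAME = re.compile(r"\bat\s+(?:[\w.]+/)?([\w.$]+)\.([\w$<>]+)\(")
CHECK = ("java.lang.SecurityManager", "checkPermission")
POLICY = ("java.security.Policy", "implies")

def parse_frames(text):
    """Return (class, method) pairs, newest frame first; line breaks optional."""
    return [m.groups() for m in FRAME.finditer(text)]

def nested_policy_checks(frames):
    """Flag permission checks made while a policy evaluation is still running.

    Newest-first order: CHECK at i with POLICY at an older index j > i.
    """
    hits = []
    for i, frame in enumerate(frames):
        if frame != CHECK:
            continue
        j = next((k for k in range(i + 1, len(frames)) if frames[k] == POLICY), None)
        if j is not None:
            # Non-JDK frames between the two are the code that re-entered.
            app = [f"{c}.{m}" for c, m in frames[i + 1:j] if not c.startswith(JDK)]
            hits.append({"check": i, "policy": j, "app_frames": app})
    return hits

if __name__ == "__main__":
    for hit in nested_policy_checks(parse_frames(TRACE)):
        print("re-entered permission check via:", hit["app_frames"])
```

On a full exception log the number of hits per trace gives the nesting depth, and the first entry of `app_frames` names the call that triggered the nested check.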