Possible Security Issue?

Forum|Forum|17 years ago
November 12, 2008
6 replies
1206 views

Let me be as crystal clear as possible so there is no confusion.

We have two VM Servers, not to be confused with Virtual Machines themselves... but two physically separate pieces of hardware.

VM 1 and VM 2 both have 1 instance for a webserver that run an installation of ColdFusion 8 Enterprise. One is for our internal applications, another is for our external applications.

VM1 is able to write to ANY network share on VM2. VM2 is able to write to ANY network share on VM1. The only problem is:

1) Neither ColdFusion install is running as a user, they are bother running as local system
2) None of the network shares on either server have any permissions assigned to them other than local system access.
3) I can use the <cffile> tag to upload and overwrite files 100% of the time
4) About 90% of the time I can use <cffile> to delete files. The other 10% of the time I receive the following error:

"ColdFusion could not delete the file *removed* for an unknown reason"

Has anyone else encountered this issue?

This topic has been closed for replies.

R

Raige@ncsuAuthor

Inspiring

Thanks John,

I'll check that out.

As for the permissions issue our sysadmin is being a bit dodgy about the details (security through obfuscation!) for our specific situation. When i know more I'll post it.

J

johnab

Participating Frequently

I'd suggest using one of the sysinternal tools FileMon ( http://technet.microsoft.com/en-us/sysinternals/bb896642.aspx) that shows you file activity in realtime, it's damn handy in situations like this to figure out what's going on.

R

Raige@ncsuAuthor

Inspiring

That's correct. It's obviously some kind of permissions issue, however the local system of VM1 has no connection what so ever on ANY level with VM2.

Once I verified that a ColdFusion 7 server could write to either of the ColdFusion 8 environments I knew that it had nothing to do with ColdFusion.

Once we identify the problem in the environment I will post a detailed explanation of what happened for future users.

N

Newsgroup_User

Inspiring

CF only has the file system access that the a/c it logs in as provide for
it. It does not work at a sufficiently low level to have any sort of
access beyond that (ie: it cannot bypass the OS's own ACLs that are granted
to the a/c CF uses).

So if CF running as localsystem, that means that localsystem has been
granted permissions to the resorces CF is accessing.

That's the long and the short of it.

It seems to me the problem lies with your file system permissions.

--
Adam

R

Raige@ncsuAuthor

Inspiring

Resolution:

Hey all, I wanted to put everyone at ease if they had a similar install. It was not the ColdFusion 8 install like our systems admin had claimed. I did a simple test by installing CF7 on my local machine and using cffile to upload to one of the affected servers. The same results occured. This means there is no way the ColdFusion 8 servers are the cause.

However should anyone have any additional information about this issue please let me know. We're struggling to figure out where the permission resides that's allow things to write to the directories when no permissions are there.

N

Newsgroup_User

Inspiring

>
> "ColdFusion could not delete the file *removed* for an unknown reason"
>
> Has anyone else encountered this issue?
>

No, I have never remotely worked with a configuration as complex as yours.

With the intermittent nature of the error and the fact that both servers
have equal access to each other. Could you occasionally be trying to
delete a file that is being used by another server|process|user at that
moment?

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded