Security analysis of AIxCC Nginx with CHERI

All work stated in this blogpost, including the porting of AIxCC Nginx to CHERI and the analysis of CPVs, was done solely by me, but I based my port on the existing Nginx CHERI port. I’d like to thank Prof Robert Watson for providing extensive reviews of the contents of this blogpost. I wrote this post a long time ago but I never had the chance to publish it. Someone pinged me and I decided to finally make this publicly available. This is a bit different to my other blogposts: it has a more academic tone and has a focus on CHERI. The analysis of temporal safety bugs is repeated in my other blogpost, the difference being that the focus of this blogpost is CHERI (a hardware memory safety mitigation, see more details at https://cheri-alliance.org/). ...

November 14, 2025 · 33 min · RoundofThree

GEF for CheriBSD Morello

Why the need for this? Because having some handy commands that immediately generate a CLI visualization is very helpful when debugging a binary, whether for exploit development or software development. For example, we can quickly get an idea of the state of the heap, which speeds up the process of debugging heap-based exploits. gef-cheri enables this for the CheriBSD platform on the Morello architecture (CHERI-enabled ARM64). You can still apply the same gef-cheri script to analyse non-CHERI binaries, in which case the behavior should be the same as the original gef. ...

March 15, 2024 · 8 min · RoundofThree