Skip to content

Commit

Permalink
Minor changes to safe language myth blog
Browse files Browse the repository at this point in the history
  • Loading branch information
marnovandermaas authored and davidchisnall committed Aug 29, 2024
1 parent a8889f1 commit 13f6120
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions _posts/2024-08-28-cheri-myths-safe-languages.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,6 @@ This may be in the form of timing side channels, or more subtle things such as c
This doesn't always apply.
For more common tasks, the metaprogramming facilities in a higher-level language may make the rewrite significantly simpler to write and maintain than a C original.


## CHERI does not fix bugs for you

CHERI doesn't guarantee that your code is free from memory-safety errors, it guarantees that any memory-safety bugs will trap and not affect confidentiality or integrity of your program.
Expand Down Expand Up @@ -180,7 +179,7 @@ The [`cheriot-audit` tool](https://github.com/CHERIoT-Platform/cheriot-audit) le
You can reason about the damage from a compromise even if an attacker can gain arbitrary-code execution in a compartment.
For supply-chain security, you should assume that a third-party component is compromised and includes malicious code.
CHERIoT lets you reason about what it can do in these cases.
In contrast, if a Java or Rust component is malicious and uses (intentional or otherwise) unsafe language features, it can to anything that the program can do.
In contrast, if a Java or Rust component is malicious and uses (intentional or otherwise) unsafe language features, it can do anything that the program can do.

## The future should be safe languages on CHERI

Expand Down

0 comments on commit 13f6120

Please sign in to comment.