Using a separate register to store the return address?

I read about how exploits work, and it looks like many of them work by rewriting the return address on the stack. A lot of effort has been made to make this more complicated (stack canaries, ASLR, DEP, etc.), but it seems to me that it would be easier for hardware developers to add a register that is accessible only by call instructions and ret, which would contain the return address. Thus, the return address could not be overwritten by a buffer overflow, by definition. Since call and ret would still be present and still work the same as in modern CPUs (the only difference being where they store the return address), it seemed to me that there would be no compatibility problems. And since you use a register instead of RAM to access the address, the performance impact would probably be positive (albeit insignificant).

Intel seems to be able to allocate more registers for security purposes, since MPX was implemented despite needing two additional registers. So why don't they add a special register to store the return address?

+4
1 answer

It is already there. I know three architectures and one language with such a feature:

  • SPARC (o7, i7)
  • Knuth's MMIX
  • ARM / ARM64
  • Forth
+2
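As an added illustration (not code from the question, the answer, or any real ISA), the toy machine below models the proposal: CALL writes the return address into a dedicated link register, the way ARM64 uses x30. The simulated call chain shows the caveat a defender cares about: any function that itself makes a call must spill the link register to the stack before doing so, so only the innermost return address stays out of RAM. Register names, addresses and the frame layout are constructed for the model.

```python
"""Toy CPU with a dedicated link register (LR) for return addresses.
Constructed model, not code from the page or from a real architecture."""
from dataclasses import dataclass, field


@dataclass
class LinkRegisterMachine:
    lr: int = 0                        # written by CALL, consumed by RET
    sp: int = 0x7FFF_FFF0              # toy stack pointer, grows downward
    mem: dict = field(default_factory=dict)          # address -> saved value
    saved_lr_slots: list = field(default_factory=list)  # where LR was spilled

    def call(self, target: int, return_addr: int) -> int:
        self.lr = return_addr          # the only place CALL stores it
        return target

    def ret(self) -> int:
        return self.lr                 # RET needs no memory access at all

    # Prologue/epilogue a compiler must emit for any function that itself
    # calls something: otherwise the nested CALL would clobber LR.
    def spill_lr(self) -> None:
        self.sp -= 8
        self.mem[self.sp] = self.lr
        self.saved_lr_slots.append(self.sp)

    def reload_lr(self) -> None:
        self.lr = self.mem.pop(self.sp)
        self.saved_lr_slots.pop()
        self.sp += 8


def run_call_chain(depth: int) -> dict:
    """Simulate caller -> f1 -> f2 -> ... -> f_depth, where only f_depth is a leaf.
    Reports how many return addresses sit in memory at the deepest point."""
    m = LinkRegisterMachine()
    m.call(target=0x1000, return_addr=0x0400)        # caller enters f1
    for level in range(1, depth):
        m.spill_lr()                                  # f_level is non-leaf
        m.call(target=0x1000 + 0x100 * level,
               return_addr=0x1004 + 0x100 * (level - 1))
    in_memory = len(m.saved_lr_slots)
    for _ in range(depth - 1):                        # unwind back to the caller
        m.ret()
        m.reload_lr()
    return {"in_register": 1, "in_memory": in_memory, "final_ret": m.ret()}
```

With four nested calls, three of the four return addresses are ordinary stack memory again; the register only protects the leaf frame.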

Source: https://habr.com/ru/post/1682272/
