author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2013-03-20 15:23:38 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2013-03-20 15:23:38 +0000 |
commit | ee95d82cdbfa3c5c8c020f5de350edb64e707709 (patch) | |
tree | 8817986d36d58f8b977819156d167a47a4ef63d6 /usr.bin | |
parent | a17d6da8d0ac7753b712a1252841a8b65e19d988 (diff) |
As non-root, whenever netstat is about to print out a kernel pointer...
print 0x0 instead. Hides a lot of stuff people don't need to see.
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/netstat/inet.c | 58 | ||||
-rw-r--r-- | usr.bin/netstat/main.c | 5 | ||||
-rw-r--r-- | usr.bin/netstat/netstat.h | 3 | ||||
-rw-r--r-- | usr.bin/netstat/route.c | 15 | ||||
-rw-r--r-- | usr.bin/netstat/show.c | 42 | ||||
-rw-r--r-- | usr.bin/netstat/unix.c | 27 |
6 files changed, 90 insertions, 60 deletions
diff --git a/usr.bin/netstat/inet.c b/usr.bin/netstat/inet.c index 25f1a0f5fb7..3cf673b2ca9 100644 --- a/usr.bin/netstat/inet.c +++ b/usr.bin/netstat/inet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet.c,v 1.121 2013/02/05 13:58:02 bluhm Exp $ */ +/* $OpenBSD: inet.c,v 1.122 2013/03/20 15:23:37 deraadt Exp $ */ /* $NetBSD: inet.c,v 1.14 1995/10/03 21:42:37 thorpej Exp $ */ /* @@ -199,9 +199,9 @@ protopr(u_long off, char *name, int af, u_int tableid, u_long pcbaddr) } if (Aflag) { if (istcp) - printf("%*p ", PLEN, inpcb.inp_ppcb); + printf("%*p ", PLEN, hideroot ? 0 : inpcb.inp_ppcb); else - printf("%*p ", PLEN, prev); + printf("%*p ", PLEN, hideroot ? 0 : prev); } if (inpcb.inp_flags & INP_IPV6 && !israw) { strlcpy(namebuf, name0, sizeof namebuf); @@ -1175,14 +1175,15 @@ socket_dump(u_long off) kread(off, &so, sizeof(so)); #define p(fmt, v, sep) printf(#v " " fmt sep, so.v); - printf("socket %#lx\n ", off); +#define pp(fmt, v, sep) printf(#v " " fmt sep, hideroot ? 0 : so.v); + printf("socket %#lx\n ", hideroot ? 0 : off); p("%#0.4x", so_type, "\n "); p("%#0.4x", so_options, "\n "); p("%d", so_linger, "\n "); p("%#0.4x", so_state, "\n "); - p("%p", so_pcb, ", "); - p("%p", so_proto, ", "); - p("%p", so_head, "\n "); + pp("%p", so_pcb, ", "); + pp("%p", so_proto, ", "); + pp("%p", so_head, "\n "); p("%d", so_q0len, ", "); p("%d", so_qlen, ", "); p("%d", so_qlimit, "\n "); @@ -1192,8 +1193,8 @@ socket_dump(u_long off) p("%u", so_siguid, ", "); p("%u", so_sigeuid, "\n "); p("%lu", so_oobmark, "\n "); - p("%p", so_splice, ", "); - p("%p", so_spliceback, "\n "); + pp("%p", so_splice, ", "); + pp("%p", so_spliceback, "\n "); p("%lld", so_splicelen, ", "); p("%lld", so_splicemax, ", "); p("%ld", so_idletv.tv_sec, ", "); @@ -1206,6 +1207,7 @@ socket_dump(u_long off) p("%u", so_rgid, "\n "); p("%d", so_cpid, "\n"); #undef p +#undef pp if (!vflag) return; 
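Review bot: The new `pp` macro in socket_dump (hunk at -1175,14) has no comment saying that it is the variant to use for kernel pointers, and masking is opt-in per call site: any field left on `p("%p", ...)` still prints the raw value to a non-root caller. A one-line comment above the define would make the rule visible to the next person adding a field, for example `/* pp: for kernel pointers; prints 0x0 unless run as root */`. The same macro is redefined in protosw_dump, inpcb_dump, tcpcb_dump and unpcb_dump, so the comment applies there too. The part of tcpcb_dump between its two hunks is not shown, so it is worth confirming that no `%p` field remains on `p` there.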
@@ -1248,12 +1250,14 @@ protosw_dump(u_long off, u_long pcb) kread(off, &proto, sizeof(proto)); #define p(fmt, v, sep) printf(#v " " fmt sep, proto.v); - printf("protosw %#lx\n ", off); +#define pp(fmt, v, sep) printf(#v " " fmt sep, hideroot ? 0 : proto.v); + printf("protosw %#lx\n ", hideroot ? 0 : off); p("%#0.4x", pr_type, "\n "); - p("%p", pr_domain, "\n "); + pp("%p", pr_domain, "\n "); p("%d", pr_protocol, "\n "); p("%#0.4x", pr_flags, "\n"); #undef p +#undef pp domain_dump((u_long)proto.pr_domain, pcb, proto.pr_protocol); } @@ -1273,7 +1277,7 @@ domain_dump(u_long off, u_long pcb, short protocol) kread((u_long)dom.dom_name, name, sizeof(name)); #define p(fmt, v, sep) printf(#v " " fmt sep, dom.v); - printf("domain %#lx\n ", off); + printf("domain %#lx\n ", hideroot ? 0 : off); p("%d", dom_family, "\n "); printf("dom_name %.*s\n", sizeof(name), name); #undef p @@ -1315,15 +1319,16 @@ inpcb_dump(u_long off, short protocol, int af) } #define p(fmt, v, sep) printf(#v " " fmt sep, inp.v); - printf("inpcb %#lx\n ", off); - p("%p", inp_table, "\n "); +#define pp(fmt, v, sep) printf(#v " " fmt sep, hideroot ? 0 : inp.v); + printf("inpcb %#lx\n ", hideroot ? 0 : off); + pp("%p", inp_table, "\n "); printf("inp_faddru %s, inp_laddru %s\n ", faddr, laddr); HTONS(inp.inp_fport); HTONS(inp.inp_lport); p("%u", inp_fport, ", "); p("%u", inp_lport, "\n "); - p("%p", inp_socket, ", "); - p("%p", inp_ppcb, "\n "); + pp("%p", inp_socket, ", "); + pp("%p", inp_ppcb, "\n "); p("%#0.8x", inp_flags, "\n "); p("%d", inp_hops, "\n "); p("%u", inp_seclevel[0], ", "); 
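Review bot: In domain_dump (hunk at -1273,7) the context line `printf("dom_name %.*s\n", sizeof(name), name);` passes a `size_t` where the `*` precision expects an `int`, which is undefined behaviour and can misread the following argument on platforms where the two types differ in size. A cast fixes it: `printf("dom_name %.*s\n", (int)sizeof(name), name);`. The commit does not touch this line, but it sits in the function being edited. The declaration of `name` is outside the hunk, so the cast assumes it is a small fixed-size array.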
@@ -1333,17 +1338,18 @@ inpcb_dump(u_long off, short protocol, int af) p("%#x", inp_secrequire, ", "); p("%#x", inp_secresult, "\n "); p("%u", inp_ip_minttl, "\n "); - p("%p", inp_tdb_in, ", "); - p("%p", inp_tdb_out, ", "); - p("%p", inp_ipo, "\n "); - p("%p", inp_ipsec_remotecred, ", "); - p("%p", inp_ipsec_remoteauth, "\n "); + pp("%p", inp_tdb_in, ", "); + pp("%p", inp_tdb_out, ", "); + pp("%p", inp_ipo, "\n "); + pp("%p", inp_ipsec_remotecred, ", "); + pp("%p", inp_ipsec_remoteauth, "\n "); p("%d", in6p_cksum, "\n "); - p("%p", inp_icmp6filt, "\n "); - p("%p", inp_pf_sk, "\n "); + pp("%p", inp_icmp6filt, "\n "); + pp("%p", inp_pf_sk, "\n "); p("%u", inp_rtableid, "\n "); p("%d", inp_pipex, "\n"); #undef p +#undef pp switch (protocol) { case IPPROTO_TCP: @@ -1365,8 +1371,9 @@ tcpcb_dump(u_long off) kread(off, (char *)&tcpcb, sizeof (tcpcb)); #define p(fmt, v, sep) printf(#v " " fmt sep, tcpcb.v); - printf("tcpcb %#lx\n ", off); - p("%p", t_inpcb, "\n "); +#define pp(fmt, v, sep) printf(#v " " fmt sep, hideroot ? 0 : tcpcb.v); + printf("tcpcb %#lx\n ", hideroot ? 0 : off); + pp("%p", t_inpcb, "\n "); p("%d", t_state, ""); if (tcpcb.t_state >= 0 && tcpcb.t_state < TCP_NSTATES) printf(" (%s)", tcpstates[tcpcb.t_state]); @@ -1429,4 +1436,5 @@ tcpcb_dump(u_long off) p("%u", t_pmtud_th_seq, "\n "); p("%u", pf, "\n"); #undef p +#undef pp } diff --git a/usr.bin/netstat/main.c b/usr.bin/netstat/main.c index b861fb702f6..88c0c694a64 100644 --- a/usr.bin/netstat/main.c +++ b/usr.bin/netstat/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.94 2012/08/22 06:08:07 tedu Exp $ */ +/* $OpenBSD: main.c,v 1.95 2013/03/20 15:23:37 deraadt Exp $ */ /* $NetBSD: main.c,v 1.9 1996/05/07 02:55:02 thorpej Exp $ */ /* @@ -142,6 +142,7 @@ static struct protox *name2protox(char *); static struct protox *knownname(char *); u_int gettable(const char *); +int hideroot; kvm_t *kvmd; 
@@ -162,6 +163,8 @@ main(int argc, char *argv[]) int Tflag = 0; int repeatcount = 0; + hideroot = getuid(); + af = AF_UNSPEC; tableid = getrtable(); diff --git a/usr.bin/netstat/netstat.h b/usr.bin/netstat/netstat.h index 131d61b8e83..bad8b97e271 100644 --- a/usr.bin/netstat/netstat.h +++ b/usr.bin/netstat/netstat.h @@ -1,4 +1,4 @@ -/* $OpenBSD: netstat.h,v 1.64 2012/12/05 23:20:25 deraadt Exp $ */ +/* $OpenBSD: netstat.h,v 1.65 2013/03/20 15:23:37 deraadt Exp $ */ /* $NetBSD: netstat.h,v 1.6 1996/05/07 02:55:05 thorpej Exp $ */ /* @@ -64,6 +64,7 @@ int af; /* address family */ extern char *__progname; /* program name, from crt0.o */ +extern int hideroot; int kread(u_long addr, void *buf, int size); char *plural(u_int64_t); diff --git a/usr.bin/netstat/route.c b/usr.bin/netstat/route.c index 86c7f615f7f..8acf9febe36 100644 --- a/usr.bin/netstat/route.c +++ b/usr.bin/netstat/route.c @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.89 2013/01/16 10:53:14 deraadt Exp $ */ +/* $OpenBSD: route.c,v 1.90 2013/03/20 15:23:37 deraadt Exp $ */ /* $NetBSD: route.c,v 1.15 1996/05/07 02:55:06 thorpej Exp $ */ /* @@ -221,8 +221,9 @@ p_rtnode(void) struct radix_mask *rm = rnode.rn_mklist; if (rnode.rn_b < 0) { - snprintf(nbuf, sizeof nbuf, " => %p", rnode.rn_dupedkey); - printf("\t (%p)%s", rnode.rn_p, + snprintf(nbuf, sizeof nbuf, " => %p", + hideroot ? 0 : rnode.rn_dupedkey); + printf("\t (%p)%s", hideroot ? 0 : rnode.rn_p, rnode.rn_dupedkey ? nbuf : ""); if (rnode.rn_mask) { printf(" mask "); @@ -234,7 +235,8 @@ p_rtnode(void) } } else { snprintf(nbuf, sizeof nbuf, "(%d)", rnode.rn_b); - printf("%6.6s (%p) %16p : %16p", nbuf, rnode.rn_p, rnode.rn_l, + printf("%6.6s (%p) %16p : %16p", nbuf, + hideroot ? 0 : rnode.rn_p, rnode.rn_l, rnode.rn_r); } 
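Review bot: `hideroot = getuid();` in main() stores the raw real uid in a flag whose name reads as a boolean, and neither `int hideroot;` in main.c nor `extern int hideroot;` in netstat.h carries the trailing comment that the neighbouring declarations have. Normalising and documenting it would make the intent explicit: `hideroot = (getuid() != 0);` and `extern int hideroot; /* non-root caller: print kernel pointers as 0x0 */`. The choice of the real uid over the effective uid looks deliberate, but it deserves a word in that comment; confirm it matches how the binary is installed. main() starts before this hunk and continues after it.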
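Review bot: In the else branch of p_rtnode (hunk at -234,7) only `rnode.rn_p` is masked; `rnode.rn_l` and `rnode.rn_r` are still passed to `%16p` unchanged, so a non-root caller keeps seeing two kernel addresses on every line this branch prints. Both arguments need the same treatment as the first: `hideroot ? 0 : rnode.rn_p, hideroot ? 0 : rnode.rn_l,` followed by `hideroot ? 0 : rnode.rn_r);`. p_rtnode begins and ends outside the hunk.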
@@ -245,13 +247,14 @@ p_rtnode(void) kread((u_long)rm, &rmask, sizeof(rmask)); snprintf(nbuf, sizeof nbuf, " %d refs, ", rmask.rm_refs); printf("\n\tmk = %p {(%d),%s", - rm, -1 - rmask.rm_b, rmask.rm_refs ? nbuf : " "); + hideroot ? 0 : rm, + -1 - rmask.rm_b, rmask.rm_refs ? nbuf : " "); p_rtflags(rmask.rm_flags); printf(", "); if (rmask.rm_flags & RNF_NORMAL) { struct radix_node rnode_aux; - printf("leaf = %p ", rmask.rm_leaf); + printf("leaf = %p ", hideroot ? 0 : rmask.rm_leaf); kread((u_long)rmask.rm_leaf, &rnode_aux, sizeof(rnode_aux)); p_sockaddr(kgetsa((struct sockaddr *)rnode_aux.rn_mask), 0, 0, -1); diff --git a/usr.bin/netstat/show.c b/usr.bin/netstat/show.c index 2ec93b20fa8..8e2b3615f72 100644 --- a/usr.bin/netstat/show.c +++ b/usr.bin/netstat/show.c @@ -1,4 +1,4 @@ -/* $OpenBSD: show.c,v 1.37 2013/01/16 10:53:14 deraadt Exp $ */ +/* $OpenBSD: show.c,v 1.38 2013/03/20 15:23:37 deraadt Exp $ */ /* $NetBSD: show.c,v 1.1 1996/11/15 18:01:41 gwr Exp $ */ /* @@ -131,15 +131,20 @@ p_rttables(int af, u_int tableid) mib[5] = 0; mib[6] = tableid; mcnt = 7; - - if (sysctl(mib, mcnt, NULL, &needed, NULL, 0) < 0) - err(1, "route-sysctl-estimate"); - if (needed > 0) { - if ((buf = malloc(needed)) == 0) + while (1) { + if (sysctl(mib, mcnt, NULL, &needed, NULL, 0) == -1) + err(1, "route-sysctl-estimate"); + if (needed == 0) + break; + if ((buf = realloc(buf, needed)) == NULL) err(1, NULL); - if (sysctl(mib, mcnt, buf, &needed, NULL, 0) < 0) + if (sysctl(mib, mcnt, buf, &needed, NULL, 0) == -1) { + if (errno == ENOMEM) + continue; err(1, "sysctl of routing table"); + } lim = buf + needed; + break; } printf("Routing tables\n"); 
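Review bot: In the new retry loop of p_rttables (hunk at -131,15), an iteration that follows an `ENOMEM` retry and then finds `needed == 0` breaks out with `buf` still allocated by the earlier iteration and `lim` never set for it. The consumer is outside the hunk (after the SPD loop in the hunk at -166,18, which has the same shape, only `if (buf)` is visible), so it presumably trusts `buf` and `lim` together. Releasing the buffer on that path keeps them in step: `if (needed == 0) { free(buf); buf = NULL; break; }`. Both loops also rely on `buf` being NULL or a live allocation on entry now that `malloc` became `realloc(buf, needed)`; the declaration and the code between the loops are not shown, so that should be confirmed.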
@@ -166,18 +171,23 @@ p_rttables(int af, u_int tableid) mib[2] = PF_KEY_V2; mib[3] = NET_KEY_SPD_DUMP; mib[4] = mib[5] = 0; - - if (sysctl(mib, 4, NULL, &needed, NULL, 0) == -1) { - if (errno == ENOPROTOOPT) - return; - err(1, "spd-sysctl-estimate"); - } - if (needed > 0) { - if ((buf = malloc(needed)) == 0) + while (1) { + if (sysctl(mib, 4, NULL, &needed, NULL, 0) == -1) { + if (errno == ENOPROTOOPT) + return; + err(1, "spd-sysctl-estimate"); + } + if (needed == 0) + break; + if ((buf = realloc(buf, needed)) == NULL) err(1, NULL); - if (sysctl(mib, 4, buf, &needed, NULL, 0) == -1) + if (sysctl(mib, 4, buf, &needed, NULL, 0) == -1) { + if (errno == ENOMEM) + continue; err(1,"sysctl of spd"); + } lim = buf + needed; + break; } if (buf) { diff --git a/usr.bin/netstat/unix.c b/usr.bin/netstat/unix.c index e80c917f0d4..188b5344298 100644 --- a/usr.bin/netstat/unix.c +++ b/usr.bin/netstat/unix.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unix.c,v 1.15 2010/10/30 23:06:05 bluhm Exp $ */ +/* $OpenBSD: unix.c,v 1.16 2013/03/20 15:23:37 deraadt Exp $ */ /* $NetBSD: unix.c,v 1.13 1995/10/03 21:42:48 thorpej Exp $ */ /*- @@ -122,9 +122,12 @@ unixdomainpr(struct socket *so, caddr_t soaddr, u_long pcbaddr) first = 0; } printf("%*p %-6.6s %6ld %6ld %*p %*p %*p %*p", - PLEN, soaddr, socktype[so->so_type], so->so_rcv.sb_cc, - so->so_snd.sb_cc, PLEN, unp->unp_vnode, PLEN, unp->unp_conn, - PLEN, unp->unp_refs, PLEN, unp->unp_nextref); + PLEN, hideroot ? 0 : soaddr, + socktype[so->so_type], so->so_rcv.sb_cc, so->so_snd.sb_cc, + PLEN, hideroot ? 0 : unp->unp_vnode, + PLEN, hideroot ? 0 : unp->unp_conn, + PLEN, hideroot ? 0 : unp->unp_refs, + PLEN, hideroot ? 0 : unp->unp_nextref); if (m) printf(" %.*s", (int)(m->m_len - (int)(sizeof(*sa) - sizeof(sa->sun_path))), 
@@ -145,14 +148,15 @@ unpcb_dump(u_long off) kread(off, &unp, sizeof(unp)); #define p(fmt, v, sep) printf(#v " " fmt sep, unp.v); - printf("unpcb %#lx\n ", off); - p("%p", unp_socket, "\n "); - p("%p", unp_vnode, ", "); +#define pp(fmt, v, sep) printf(#v " " fmt sep, hideroot ? 0 : unp.v); + printf("unpcb %#lx\n ", hideroot ? 0 : off); + pp("%p", unp_socket, "\n "); + pp("%p", unp_vnode, ", "); p("%u", unp_ino, "\n "); - p("%p", unp_conn, ", "); - p("%p", unp_refs, ", "); - p("%p", unp_nextref, "\n "); - p("%p", unp_addr, "\n "); + pp("%p", unp_conn, ", "); + pp("%p", unp_refs, ", "); + pp("%p", unp_nextref, "\n "); + pp("%p", unp_addr, "\n "); p("%#0.8x", unp_flags, "\n "); p("%u", unp_connid.uid, ", "); p("%u", unp_connid.gid, ", "); @@ -162,4 +166,5 @@ unpcb_dump(u_long off) p("%d", unp_ctime.tv_sec, ", "); p("%ld", unp_ctime.tv_nsec, "\n"); #undef p +#undef pp } |