2008-02-10  Robert Millan  <address@hidden>

	* normal/command.c (unset_command): Erase the contents of the variable
	we're about to unset, before actually unsetting it.

diff -x configure -x config.h.in -x CVS -x '*~' -x '*.mk' -urp ../grub2/normal/command.c ./normal/command.c
--- ../grub2/normal/command.c	2007-07-22 01:32:29.000000000 +0200
+++ ./normal/command.c	2008-02-10 21:42:44.000000000 +0100
@@ -274,10 +274,19 @@ static grub_err_t
 unset_command (struct grub_arg_list *state __attribute__ ((unused)),
 	       int argc, char **args)
 {
+  char *value;
+
   if (argc < 1)
     return grub_error (GRUB_ERR_BAD_ARGUMENT,
 		       "no environment variable specified");
 
+  value = grub_env_get (args[0]);
+
+  /* Users may store sensitive information in their variables (e.g. passwords),
+     so erase its content here when they choose to unset them.  */
+  if (value)
+    grub_memset (value, 0, grub_strlen (value));
+
   grub_env_unset (args[0]);
   return 0;
 }