From 9668cc312abbec02d56c3b72798ba84946ecaa15 Mon Sep 17 00:00:00 2001
From: RebeccaMahany
Date: Tue, 19 Nov 2024 09:53:07 -0500
Subject: [PATCH 1/2] Set all env vars on osquery process
---
 pkg/osquery/runtime/osqueryinstance.go | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/pkg/osquery/runtime/osqueryinstance.go b/pkg/osquery/runtime/osqueryinstance.go
index 6d35cc2ca..d8ed71a7b 100644
--- a/pkg/osquery/runtime/osqueryinstance.go
+++ b/pkg/osquery/runtime/osqueryinstance.go
@@ -794,6 +794,9 @@ func (i *OsqueryInstance) createOsquerydCommand(osquerydBinary string, paths *os
 fmt.Sprintf("--extensions_require=%s", KolideSaasExtensionName),
 )
 
+ // We need environment variables to be set to ensure paths can be resolved appropriately.
+ cmd.Env = cmd.Environ()
+
 // On darwin, run osquery using a magic macOS variable to ensure we
 // get proper versions strings back. I'm not totally sure why apple
 // did this, but reading SystemVersion.plist is different when this is set.
@@ -802,14 +805,6 @@ func (i *OsqueryInstance) createOsquerydCommand(osquerydBinary string, paths *os
 // https://github.com/osquery/osquery/pull/6824
 cmd.Env = append(cmd.Env, "SYSTEM_VERSION_COMPAT=0")
 
- // On Windows, we want the `SystemDrive` environment variable to be set to ensure paths can be resolved appropriately.
- // The cmd handles setting `SystemRoot` for us.
- if runtime.GOOS == "windows" {
- if systemDrive, found := os.LookupEnv("SystemDrive"); found {
- cmd.Env = append(cmd.Env, fmt.Sprintf("SystemDrive=%s", systemDrive))
- }
- }
-
 return cmd, nil
 }
 
From aab36b1a5b478af18ac42eaa329aae5a4a37573c Mon Sep 17 00:00:00 2001
From: RebeccaMahany
Date: Tue, 19 Nov 2024 10:48:50 -0500
Subject: [PATCH 2/2] Ensure SystemDrive is always set, no matter what
---
 pkg/osquery/runtime/osqueryinstance.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
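Review bot: `cmd.Env = cmd.Environ()` in the first hunk of PATCH 1/2 gives osqueryd the launcher's whole environment, assuming `cmd.Env` is still unset at that point; the code removed in the second hunk appears to have passed only `SYSTEM_VERSION_COMPAT` and, on Windows, `SystemDrive`. Anything the launcher was started with (credentials or tokens supplied through environment variables, proxy settings, loader- and path-related variables) becomes visible to osqueryd and to whatever extensions it loads. If only path resolution is needed, copying a short allowlist of variables would keep the child's environment minimal. Otherwise state the trade-off in the comment, e.g. `// Inherits the launcher's full environment; avoid starting the launcher with secrets in env vars.` The body of createOsquerydCommand starts outside the hunk, so how `cmd` is built is not visible here.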
diff --git a/pkg/osquery/runtime/osqueryinstance.go b/pkg/osquery/runtime/osqueryinstance.go
index d8ed71a7b..190a71839 100644
--- a/pkg/osquery/runtime/osqueryinstance.go
+++ b/pkg/osquery/runtime/osqueryinstance.go
@@ -805,6 +805,19 @@ func (i *OsqueryInstance) createOsquerydCommand(osquerydBinary string, paths *os
 // https://github.com/osquery/osquery/pull/6824
 cmd.Env = append(cmd.Env, "SYSTEM_VERSION_COMPAT=0")
 
+ // On Windows, we need to ensure the `SystemDrive` environment variable is set to _something_,
+ // so if it isn't already set, we set it to an empty string.
+ systemDriveEnvVarFound := false
+ for _, e := range cmd.Env {
+ if strings.Contains(strings.ToLower(e), "systemdrive") {
+ systemDriveEnvVarFound = true
+ break
+ }
+ }
+ if !systemDriveEnvVarFound {
+ cmd.Env = append(cmd.Env, "SystemDrive=")
+ }
+
 return cmd, nil
 }
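Review bot: The lookup `strings.Contains(strings.ToLower(e), "systemdrive")` matches that text anywhere in a `KEY=value` entry, so an unrelated variable whose name or value contains "systemdrive" marks SystemDrive as found and the fallback is skipped. Compare the key only: `if k, _, ok := strings.Cut(e, "="); ok && strings.EqualFold(k, "SystemDrive") {`. The comment says "On Windows" but the block is not guarded, so `SystemDrive=` is also appended on other platforms; wrapping it in `if runtime.GOOS == "windows" {` would match the comment. The import block is outside the hunk, so whether `strings` and `runtime` are in scope after PATCH 1/2 is not visible here.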