(GH-840) Do not set User Environment for SYSTEM

If the user is Local System, do not set user environment variables. Typically SYSTEM only looks at machine environment variables, so we need to emulate that same behavior to ensure we are not setting values that are incorrect.
chocolatey · Aug 9, 2016 · 2ca80f7 · 2ca80f7
1 parent 4c46138
commit 2ca80f7
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/src/chocolatey/infrastructure.app/ApplicationParameters.cs b/src/chocolatey/infrastructure.app/ApplicationParameters.cs
@@ -16,7 +16,7 @@
 namespace chocolatey.infrastructure.app
 {
     using System;
-    using System.Text.RegularExpressions;
+    using System.Security.Principal;
     using adapters;
     using filesystem;
     using Environment = System.Environment;
@@ -73,6 +73,8 @@ public static class ApplicationParameters
         public static readonly string ChocolateyPackageExitCodeEnvironmentVariableName = "ChocolateyExitCode";
         public static readonly string PowerShellModulePathProcessProgramFiles = _fileSystem.combine_paths(System.Environment.GetFolderPath(System.Environment.SpecialFolder.ProgramFiles), "WindowsPowerShell\\Modules");
         public static readonly string PowerShellModulePathProcessDocuments = _fileSystem.combine_paths(System.Environment.GetFolderPath(System.Environment.SpecialFolder.MyDocuments), "WindowsPowerShell\\Modules");
+        public static readonly string LocalSystemSidString = "S-1-5-18";
+        public static readonly SecurityIdentifier LocalSystemSid = new SecurityIdentifier(LocalSystemSidString);
 
         public static class Environment
         {

diff --git a/src/chocolatey/infrastructure.app/configuration/EnvironmentSettings.cs b/src/chocolatey/infrastructure.app/configuration/EnvironmentSettings.cs
@@ -21,6 +21,7 @@ namespace chocolatey.infrastructure.app.configuration
     using System.ComponentModel;
     using System.Linq;
     using System.Reflection;
+    using System.Security.Principal;
     using System.Text;
     using adapters;
     using logging;
@@ -169,7 +170,23 @@ public static void update_environment_variables()
 
             // refresh current values with updated values, mathine first
             refresh_environment_variables(machineVariables);
-            refresh_environment_variables(userVariables);
+
+            //if the user is SYSTEM, we should not even look at user Variables
+            var setUserEnvironmentVariables = true;
+            try
+            {
+                var userIdentity = WindowsIdentity.GetCurrent();
+                if (userIdentity != null && userIdentity.User == ApplicationParameters.LocalSystemSid)
+                {
+                    setUserEnvironmentVariables = false;
+                }
+            }
+            catch (Exception ex)
+            {
+                "chocolatey".Log().Debug("Unable to determine current user to determine if LocalSystem account (to skip user env vars).{0} Reported error: {1}".format_with(Environment.NewLine, ex.Message));
+            }
+
+            if (setUserEnvironmentVariables) refresh_environment_variables(userVariables);
 
             // restore process overridden variables
             if (originalEnvironmentVariables.Contains(ApplicationParameters.Environment.Username)) Environment.SetEnvironmentVariable(ApplicationParameters.Environment.Username, userName);