From 9a6c59cc305d3c29884ab3e51d9100204244e7d1 Mon Sep 17 00:00:00 2001
From: kylecarbs <kyle@carberry.com>
Date: Mon, 6 Jun 2022 19:04:02 +0000
Subject: [PATCH] fix: Apply environment variables to startup script

This was stopping `coder` from being in the path, and allowed
applications started in the script to bypass injected environmnet
variables like `GIT_SSH_COMMAND`.
---
 agent/agent.go | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)

diff --git a/agent/agent.go b/agent/agent.go
index 4859e35f08395..dbb51445d9793 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -155,20 +155,10 @@ func (a *agent) run(ctx context.Context) {
 	}
 }
 
-func (*agent) runStartupScript(ctx context.Context, script string) error {
+func (a *agent) runStartupScript(ctx context.Context, script string) error {
 	if script == "" {
 		return nil
 	}
-	currentUser, err := user.Current()
-	if err != nil {
-		return xerrors.Errorf("get current user: %w", err)
-	}
-	username := currentUser.Username
-
-	shell, err := usershell.Get(username)
-	if err != nil {
-		return xerrors.Errorf("get user shell: %w", err)
-	}
 
 	writer, err := os.OpenFile(filepath.Join(os.TempDir(), "coder-startup-script.log"), os.O_CREATE|os.O_RDWR, 0600)
 	if err != nil {
@@ -178,12 +168,10 @@ func (*agent) runStartupScript(ctx context.Context, script string) error {
 		_ = writer.Close()
 	}()
 
-	caller := "-c"
-	if runtime.GOOS == "windows" {
-		caller = "/c"
+	cmd, err := a.createCommand(ctx, script, nil)
+	if err != nil {
+		return xerrors.Errorf("create command: %w", err)
 	}
-
-	cmd := exec.CommandContext(ctx, shell, caller, script)
 	cmd.Stdout = writer
 	cmd.Stderr = writer
 	err = cmd.Run()