raxacoricofallapatorius - 2 years ago 128
Python Question

What are the risks of running 'sudo pip'?

Occasionally I run into comments or responses that state emphatically that running pip under sudo is "wrong" or "bad", but there are cases (including the way I have a bunch of tools set up) where it is either much simpler, or even necessary to run it that way.

What are the risks associated with running pip under sudo?




Note that this is not the same question as this one, which, despite the title, provides no information about risks. This also isn't a question about how to avoid using sudo, but about specifically why one would want to.

Answer Source

When you run pip with sudo, you run setup.py with sudo. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to pip and PyPI, an attacker could also run a man in the middle attack to inject their code when you download a trustworthy project.
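An added example, not part of the original answer: a pre-install check that reports whether installing a given distribution file would make pip execute project-supplied code (the setup.py the answer refers to) and flags imports in that file worth reading first. The project name demo-0.1, the sample setup.py, the REVIEW_MODULES list and the function names are all constructed for illustration, and only tar-based sdists are handled.

```python
import ast, io, tarfile

# Assumption: modules a setup.py rarely needs; seeing one is a cue to read the file.
REVIEW_MODULES = {"subprocess", "socket", "urllib", "http", "ctypes", "base64"}

def make_sdist(setup_source):
    """Constructed sample: in-memory sdist for a made-up project demo-0.1."""
    buf, body = io.BytesIO(), setup_source.encode()
    with tarfile.open(fileobj=buf, mode="w:gz") as t:
        info = tarfile.TarInfo("demo-0.1/setup.py")
        info.size = len(body)
        t.addfile(info, io.BytesIO(body))
    return buf.getvalue()

def audit(name, data):
    """Report what project-supplied code pip would execute when installing this file."""
    if name.endswith(".whl"):
        # Wheels are unpacked; no setup.py or build backend runs at install time.
        return {"runs_project_code": False, "setup_py": None, "review_imports": []}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as t:
        files = {m.name: t.extractfile(m).read() for m in t.getmembers() if m.isfile()}
    # In an sdist, setup.py sits one level down: <project>-<version>/setup.py
    setup = next((p for p in files if p.count("/") == 1 and p.endswith("/setup.py")), None)
    flagged = set()
    if setup:
        for node in ast.walk(ast.parse(files[setup])):
            if isinstance(node, ast.Import):
                mods = [a.name for a in node.names]
            elif isinstance(node, ast.ImportFrom):
                mods = [node.module or ""]
            else:
                continue
            flagged |= {m.split(".")[0] for m in mods} & REVIEW_MODULES
    # Any sdist means pip runs setup.py or the declared build backend as the invoking user.
    return {"runs_project_code": True, "setup_py": setup, "review_imports": sorted(flagged)}

# Constructed setup.py for the sample project.
SAMPLE = "import subprocess\nfrom setuptools import setup\nsetup(name='demo', version='0.1')\n"

if __name__ == "__main__":
    print(audit("demo-0.1.tar.gz", make_sdist(SAMPLE)))
    print(audit("demo-0.1-py3-none-any.whl", b""))
```

pip's `--only-binary :all:` option makes pip refuse source distributions, so no setup.py runs during the install itself. Code shipped inside a wheel still runs with the privileges of whoever later imports it.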
