What are the risks of running 'sudo pip'?
Occasionally I run into comments or responses that state emphatically that running
sudo is "wrong" or "bad", but there are cases (including the way I have a bunch of tools set up) where it is either much simpler, or even necessary to run it that way.
What are the risks associated with running
Note that this in not the same question as this one, which, despite the title, provides no information about risks. This also isn't a question about how to avoid using
sudo, but about specifically why one would want to.
When you run
sudo, you run
sudo. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to
pip and PyPI, an attacker could also run a man in the middle attack to inject their code when you download a trustworthy project.
★ Back to homepage or read more recommendations: