What are the risks of running ‘sudo pip’?

by

When you run pip with sudo, you run setup.py with sudo. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to pip and PyPI, an attacker could also run a man in the middle attack to inject their code when you download a trustworthy project.

More Related Contents:

  1. Getting “Permission Denied” when running pip as root on my Mac
  2. Change to sudo user within a python script
  3. pip install: Please check the permissions and owner of that directory
  4. sudo pip install VS pip install –user
  5. How to install packages offline?
  6. “pip install unroll”: “python setup.py egg_info” failed with error code 1
  7. Using Pip to install packages to Anaconda Environment
  8. pip uses incorrect cached package version, instead of the user-specified version
  9. Combining conda environment.yml with pip requirements.txt
  10. Can’t install new packages for Python (Python 3.9.0, Windows 10)
  11. How to install Python package from GitHub? [duplicate]
  12. How to uninstall a package installed with pip install –user
  13. Why can I not create a wheel in python?
  14. What does “error: option –single-version-externally-managed not recognized” indicate?
  15. Python, Error while installing matplotlib
  16. Could not install packages due to an EnvironmentError: [Errno 13]
  17. Can’t install pip packages inside a docker container with Ubuntu
  18. django installation: cannot use pip to install django on linux(ubuntu)
  19. pip install fail with SSL certificate verify failed (_ssl.c:833)
  20. pip: no module named _internal
  21. How to install virtualenv without using sudo?
  22. pip: cert failed, but curl works
  23. pip throws TypeError: parse() got an unexpected keyword argument ‘transport_encoding’ when trying to install new packages
  24. Trouble installing TextBlob with pip
  25. python pip install psycopg2 install error
  26. Can’t install PIL after Mac OS X 10.9
  27. Upgrading pip fails with syntax error caused by sys.stderr.write(f”ERROR: {exc}”)
  28. Do CSRF attacks apply to API’s?
  29. Could not find a version that satisfies the requirement for select requirements
  30. Copy complete virtualenv to another pc

Leave a Comment