What are the risks of running "sudo pip"?

Question: What are the risks of running "sudo pip"?

Occasionally I run into comments or responses that state emphatically that running pip under sudo is “wrong” or “bad”, but there are cases (including the way I have a bunch of tools set up) where it is either much simpler, or even necessary, to run it that way.

What are the risks associated with running pip under sudo?


Note that this is not the same question as this one, which, despite the title, provides no information about risks. This also isn’t a question about how to avoid using sudo, but specifically about why one would want to.


Answer 0


When you run pip with sudo, you run setup.py with sudo. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to pip and PyPI, an attacker could also run a man-in-the-middle attack to inject their code when you download a trustworthy project.


Answer 1


Besides the obvious security risks (which I think are in fact low when you install software you know) brought up in other answers, there is another reason. The Python that comes with the system is part of that system, and when you want to manage the system you use the tools designated for system maintenance, like the package manager, for installing/upgrading/uninstalling software. When you start to modify the system’s software with third-party tools (pip in this instance), you have no guarantee about the state of your system. Yet another reason is that sudo can bring you problems you wouldn’t have a chance, or would have a very small chance, to have otherwise. See for example Mismatch between sys.executable and sys.version in Python.

Distros are aware of this problem and try to mitigate it. For example, Fedora – Making sudo pip safe and Debian – dist-packages instead of site-packages.
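One check that follows from this answer: find out which packages in the system Python were put there by pip rather than by the package manager, so you know what the distro tooling will not track, upgrade or remove. This is an added example, not code from the original answers; it relies on the heuristic (an assumption) that pip writes `pip` into each `*.dist-info/INSTALLER` file while distro builds record something else or nothing, and the `demo()` layout is constructed, not a real system.

```python
"""Audit system site directories for packages installed by pip rather than the
distro package manager. Added example for this page, not pip's own tooling."""
import os
import site
import sys
import tempfile
from pathlib import Path


def pip_installed_dists(site_dir):
    """Return (name, version, owner_uid) for every *.dist-info under site_dir
    whose INSTALLER file names pip. Assumption: distro-built packages record a
    different installer (e.g. rpm) or none, so the entries returned here are
    the ones the package manager does not know about."""
    found = []
    for info in Path(site_dir).glob("*.dist-info"):
        installer = info / "INSTALLER"
        if not installer.is_file() or installer.read_text().strip().lower() != "pip":
            continue
        # dist-info names are "<normalized_name>-<version>"; the name part has
        # no dashes, so the first dash separates name from version
        name, _, version = info.name[: -len(".dist-info")].partition("-")
        found.append((name, version, info.stat().st_uid))
    return sorted(found)


def audit_system_site():
    """Scan this interpreter's system-wide site directories. Skips virtualenvs,
    where running pip without sudo is the normal case anyway."""
    if sys.prefix != sys.base_prefix:
        return {}  # inside a venv: nothing system-wide to audit
    dirs = [d for d in site.getsitepackages() if os.path.isdir(d)]
    return {d: pip_installed_dists(d) for d in dirs}


def demo():
    """Constructed sample layout (not a real system): one pip-installed package,
    one rpm-installed package, and one dist-info without an INSTALLER file."""
    root = Path(tempfile.mkdtemp())
    for dist, installer in (("requests-2.31.0", "pip"), ("six-1.16.0", "rpm"),
                            ("legacy-0.1", None)):
        d = root / f"{dist}.dist-info"
        d.mkdir()
        if installer:
            (d / "INSTALLER").write_text(installer + "\n")
    return pip_installed_dists(root)  # only requests is reported


if __name__ == "__main__":
    for site_dir, dists in audit_system_site().items():
        for name, version, uid in dists:
            print(f"{site_dir}: {name} {version} (dist-info owned by uid {uid})")
```

Run it with the system interpreter (not a venv) to list what `sudo pip` left behind; a package that appears here was never installed by the distro.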


Answer 2


Using pip that way means you trust it to the level of allowing it to do anything to your system. Not only pip, but also any code it will download and execute from sources you may not trust, which can be malicious.

And pip doesn’t need all those privileges, only write access to specific files and directories. If you can’t use your system’s package manager and do not want to go the virtual environment way, you may create a specific user that has write privileges to the Python installation directory and use it for pip. That way you better control what pip can and cannot do. And you can use sudo -u for that!


Answer 3


The only thing “wrong” with sudo is that it, well, does as Super User, à la root, meaning you can potentially destroy an installation with the wrong command. As pip is a package maintenance tool for a particular program, you would need such access anyhow to make changes…