What are the risks of running 'sudo pip'?

Question

Occasionally I run into comments or responses that state emphatically that running pip under sudo is \"wrong\" or \"bad\", but there are cases (inc

Answer 1

When you run pip with sudo, you run setup.py with sudo. In other words, you run arbitrary Python code from the Internet as root. If someone puts up a malicious project on PyPI and you install it, you give an attacker root access to your machine. Prior to some recent fixes to pip and PyPI, an attacker could also run a man in the middle attack to inject their code when you download a trustworthy project.