堆栈内存溢出
  简体   繁体   English

在Anaconda虚拟环境中安装非python软件包(java更新,c ++更新)是否安全?

[英]Is it safe to install non python packages (java updates, c++ updates) in an Anaconda virtual environment?

 原文  2019-07-10 09:18:37       python/ tensorflow/ dependencies/ anaconda/ virtualenv

问题描述

I am running Anaconda on MacOS and I have multiple virtual environments for different versions of Python, TensorFlow, Pytorch, etc... 我在MacOS上运行Anaconda,并且我具有用于不同版本的Python,TensorFlow,Pytorch等的多个虚拟环境。

Recently I have tried to install Auto-Keras and to build Tensorflow from the source (each in a separate virtual env), and in both cases it asked me to update a bunch of C++ stuff (SWIG, gcc,..), a new java version, among other things, and occasionally it is asking me for my root password halfway through the process. 最近我尝试安装Auto-Keras并从源代码构建Tensorflow(每个都在单独的虚拟环境中),在两种情况下,它都要求我更新一堆新的C ++东西(SWIG,gcc等)。 Java版本等,有时会在过程中途向我询问我的root密码。

With Python style pip install <lib> I always assumed it was safe to do whatever I wanted in a given virtual env, since the whole point what that it containerized the dependencies and packages, and installs in other virtual env won't be broken. 使用Python风格的pip install <lib>我一直认为在给定的虚拟环境中执行我想做的事是安全的,因为从整体上看,它将容器和依赖项容器化并安装在其他虚拟环境中不会被破坏。

But in this case, I am worried, since: 但是在这种情况下,我很担心,因为:

a) They are not installed using pip or conda a)它们不是使用pip或conda安装的

b) It keeps asking me to type in my admin password and changing global configurations like the Java vision etc.... b)一直要求我输入管理员密码并更改全局配置,例如Java视觉等。

Are other packages besides python packages "containerized" in the same way that Python packages are in a virtual env? 除python软件包外,其他软件包是否以与虚拟环境中的python软件包相同的方式“容器化”?

If not, do I risk breaking stuff by upgrading C++, SWIG, Java, etc...? 如果没有,我是否有冒险通过升级C ++,SWIG,Java等来破坏东西的风险?

1 个解决方案

解决方案1
 0  2019-07-10 09:33:38

First, virtual env gives you no protection:) It just modifies PATH environment variable. 首先,虚拟环境不提供任何保护:)它只是修改PATH环境变量。 You are not in a safe sandbox even with Python packages. 即使使用Python包,您也不在安全的沙箱中。 pip install xxx will execute setup.py which could also introduce malware. pip install xxx将执行setup.py ,这也可能引入恶意软件。

Second, yes, they are asking you for sudo permission, and definitely, it is dangerous. 其次,是的,他们要求您提供sudo许可,这绝对是危险的。 But you still can trust who is worth to trust. 但是您仍然可以信任值得信任的人。 After all, you still use a third-party OS instead of creating it on your own right? 毕竟,您仍然使用第三方操作系统而不是自行创建它吗?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 安装python包以纠正anaconda环境 - Install python packages to correct anaconda environment 在 Anaconda 中,如何在非 ROOT 环境中安装软件包? - In Anaconda, How to install packages in NON-ROOT environment? 在anaconda中安装python包 - Install python packages in anaconda 无法在 Anaconda 虚拟环境中安装软件包。 '当前频道不提供套餐' - Unable to install packages in Anaconda virtual environment. 'Packages are not available from current channels' 尝试在 Anaconda 3 虚拟 python 环境中安装 tensorflow 1.12.0 - Trying to install tensorflow 1.12.0 in an Anaconda 3 virtual python environment Anaconda - 更新特定虚拟环境中的软件包 - Anaconda - updating packages in a specific virtual environment 在anaconda创建的虚拟环境中安装软件包的问题 - Issue with installing packages on virtual environment created by anaconda 系统上的软件包更新会影响虚拟环境吗? - Package updates on the system affecting virtual environment? 在虚拟环境python中安装站点包 - Install site-packages inside virtual environment python 每次在python虚拟环境中都需要安装软件包吗? - do I need to install packages every time in python virtual environment?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM