[illumen]

Wow. That's a backdoor.

Trying to install stuff without the users permission, and using sudo without the users intent is really not right. How can we trust this if they do such things?

It looks like it is running a sudo command with a python script with scripts under a non-root user. This means that anyone who can write data to that non-root user folder can then run things as root.

ie. I can drop in a .py file and execute whatever code I want. Code run with sudo should not allow this.

[laumars]

The backdoor is `sudo` and if you allow passwordless `sudo` then any program you execute has permissions to run code as root. If you require a password to `sudo` then there's less of an issue as even the LetsEncrypt client would require you to grant permissions to `apt-get`.

That all said, it's still bad form to `apt-get -y` when run with a `--help` flag. Particularly with the `-y flag`. Even if you trust LetsEncrypt (and most of us would), it's still unexpected / non-idiomatic behavior and the `-y` flag means users don't get much time to cancel the operation should any output concern them.

[pde3]

This is a discussion about letsencypt-auto, not the underlying letsencrypt/certbot program. Here's what the docs said about letsencrypt-auto:

"Because not all operating systems have packages yet, we provide a temporary solution via the letsencrypt-auto wrapper script, which obtains some dependencies from your OS and puts others in a python virtual environment: <instructions to download and run letsencrypt-auto>"

If users don't read the label before downloading and running a script, they might be surprised by what it does. But we've learned that users don't read those instructions and get upset anyway, so cerbot-auto now asks for additional interactive permission before installing things.