You should rebuild using libgmp = 5 to avoid timing attack vulnerability.
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了You should rebuild using libgmp = 5 to avoid timing attack vulnerability.相关的知识,希望对你有一定的参考价值。
问题描述:
系统:centos 6.x
yum -y install ansible
运行ansible的命令,后报错:
ansible all -m ping
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
略。。。。。。
首先这不算是一个报错信息,而是一个安全提示信息,是说系统自带的gmp库版本太低,容易遭受攻击,需要升级到gmp 5.x,这是由于使用epel源安装ansible造成的一个bug,这是相关说明网址:
https://github.com/ansible/ansible/issues/6941
在网上找了很久,也试了很多次,但是都不成功,基本思路都是通过升级gmp,并重新安装python相关模块的方式进行修复,其实解决办法很简单,在警告信息中已经告诉了警告的文件位置,只要注释掉相关信息即可。
解决方法:
cp /usr/lib64/python2.6/site-packages/Crypto/Util/number.py{,.bak}
sed -i "s/^if/#&/" /usr/lib64/python2.6/site-packages/Crypto/Util/number.py
再次运行ansible,就没有了警告显示。
备注:
通过源码方式安装,可以避免这个问题,相关网址:
http://ansible-tran.readthedocs.io/en/latest/docs/intro_installation.html#githubansible
If you want to suppress spurious warnings/errors, use(用于忽略警告信息):
$ source ./hacking/env-setup -q
本文出自 “TOP榜” 博客,请务必保留此出处http://top88.blog.51cto.com/11341662/1885169
以上是关于You should rebuild using libgmp = 5 to avoid timing attack vulnerability.的主要内容,如果未能解决你的问题,请参考以下文章
解决You are using pip version 9.0.1, however version 10.0.1 is available. You should consider upgradin
You are using pip version 9.0.1, however version 18.0 is available. You should consider upgrading vi
成功解决You are using pip version 9.0.1, however version 9.0.3 is available. You should consider upgra(示
解决如下问题:You are using pip version 8.1.1, however version 18.0 is available. You should consider upgra
Unity 报错之 Scope was not disposed, You should use the ‘using‘ keyword or manually call Dispose.
安装第三方库openpyxl时,报错:You are using pip version 19.0.3, however version 20.2b1 is available. You should