We're currently using component-init to snapshot the state of an initialized app, and the initialization process may involve getting random numbers from the host and using them to seed one or more PRNGs. That could pose a security risk if we don't force those PRNGs to be reseeded on resume, so we should find these cases in wasi-libc and/or CPython. This could also be an issue in Python code and/or native extensions, but it's not clear how we would address that; we may need to leave that up to the application programmer.
We're currently using
component-initto snapshot the state of an initialized app, and the initialization process may involve getting random numbers from the host and using them to seed one or more PRNGs. That could pose a security risk if we don't force those PRNGs to be reseeded on resume, so we should find these cases in wasi-libc and/or CPython. This could also be an issue in Python code and/or native extensions, but it's not clear how we would address that; we may need to leave that up to the application programmer.