Spice up the project README, fill out more docs (#1010)

* Spice up the project README, fill out more docs This is an attempt to spruce up wasmtime's README.md file as well as fill out more of the missing documentation in the `docs/` folder. There's still a long way to go but I hoped here to mostly move around existing information and add new information. As always happy to have feedback! * Tweak CLI wording * Remove no-longer relevant clause * Update sandboxing docs * Handle comments
2020-02-27 17:28:08 -06:00
parent 35d5c6bdde
commit 8caa5a9476
13 changed files with 388 additions and 89 deletions
--- a/docs/security-sandboxing.md
+++ b/docs/security-sandboxing.md
@@ -1,3 +1,22 @@
 # Sandboxing

-... more coming soon
+One of WebAssembly (and Wasmtime's) main goals is to execute untrusted code in
+a safe manner inside of a sandbox. WebAssembly is inherently sandboxed by design
+(must import all functionality, etc). This document is intended to cover the
+various sandboxing implementation strategies that Wasmtime has as they are
+developed.
+
+At this time Wasmtime implements what's necessary for the WebAssembly
+specification, for example memory isolation between instances. Additionally the
+safe Rust API is intended to mitigate accidental bugs in hosts.
+
+Different sandboxing implementation techniques will also come with different
+tradeoffs in terms of performance and feature limitations, and Wasmtime plans to
+offer users choices of which tradeoffs they want to make.
+
+More will be added here over time!
+
+## Spectre
+
+Wasmtime does not yet implement Spectre mitigations, however this is a subject
+of ongoing research.