See totally_safe_transmute for a demonstration in Rust. To prevent this particular attack:

- We could forbid access to procfs via makeFileResource.
- In addition, we could attenuate procfs specifically so that only specific parts of the process can be reflected into user-level code. This attenuated entrypoint capability would be distinct from makeFileResource. The attenuation could include traversal into subprocesses.
- We could ponder randomizing the heap somewhat, or otherwise making it harder to find object addresses. We already have it as an explicit goal that, even upon raw access to the heap, an attacker would have trouble finding the objects to which they want to fraudulently refer.

This isn't urgent, but it's very much the sort of thing that Monte should try to abrogate.
A straightforward, low-cost approach is: document it. That is: document that since makeFileResource provides access to the filesystem, and Linux has a /proc/self/mem thingy in the filesystem, makeFileResource on Linux can access process memory in a way that violates encapsulation, memory safety, and sanity itself.