Objects it is unsafe to grant access to

It is not safe to grant sandboxed processes access to the following objects under Plash:

Read access to directories owned by or writable by other users. See PlashIssues/HardLinkVulnerability.
- This includes /tmp and /var/tmp.
/dev/tty: See PlashIssues/TtyVulnerability.
/proc/self/fd: The sandboxed process would see the ServerProcess's view of /proc/self/fd.
Write access to ~/.bashrc, or any other file whose contents are executed with the user's full authority. This is of course not specific to Plash.