When Mach ports are received by e.g. the browser process from a less privileged process, they are assumed to be send rights with a ref owned by the sending process.
It may not always be possible to extract an owned send right immediately upon receipt of the port name, since we need the task port for the sender, which we may not have yet.
If a ChannelPosix dies in the window between receiving such a port name and being able to extract its send right, AND the remote process is not going to die imminently**, we will have effectively leaked the send right ref in the remote process.
** This is not an issue in practice today, because in all realistic scenarios, the sending process will die immediately upon channel disconnection.
Comment 1 by roc...@chromium.org, Oct 17