    I am working on a small program which I would like to be extensible with plugins written by external parties (using the dlopen family of commands). However, I would like to provide a basic level of security by limiting the potential of a plugin to cause harm.

    For example, say I do not want plugins to be able to read or write files. Is there a way for me to be able to prevent a function in the plugin library from calling (for example) fopen()?

    I have been looking for some time now but can't work out if this is possible at all, and if it is, how it could be done.



    I can't think of any easy (or practically feasible) way. This is why most programs that allow third-party plugins invent their own domain-specific language and just parse that themselves, instead of just blindly allowing arbitrary binaries to be loaded in.

    If the plugins are binary code, then no. You can't choose what they can or cannot do. The best you can do is give guidelines on what they may and may not do.
    That, or create and parse your own language.

    Thanks for the quick replies. OK, looks like it'll have to be either user beware or I get very familiar with bison/flex.
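Added example, not part of the thread: the replies concern plugin code running inside the host's own process. If the plugin call is instead made in a forked child, the child can lower its own limits first; here `RLIMIT_NOFILE` is set to 0 so that `fopen()` fails. `plugin_fn`, `plugin_reads_file` and `run_confined` are hypothetical names, and the plugin function is a constructed stand-in for a symbol returned by `dlsym()`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*plugin_fn)(void); /* hypothetical plugin entry-point type */

/* Constructed stand-in for a function obtained with dlsym():
 * returns 0 if it managed to open a file, 1 if fopen() failed. */
int plugin_reads_file(void)
{
    FILE *f = fopen("/dev/null", "r");
    if (f == NULL)
        return 1;
    fclose(f);
    return 0;
}

/* Run fn in a child process that can no longer open descriptors.
 * Returns the plugin's return value, or -1 on error. */
int run_confined(plugin_fn fn)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* A real host would dlopen() the plugin here, before the limit
         * drops, because dlopen() itself has to open the library file. */
        struct rlimit none = { 0, 0 }; /* soft and hard; unprivileged code cannot raise it */
        if (setrlimit(RLIMIT_NOFILE, &none) != 0)
            _exit(127);
        _exit(fn() & 0x7f);
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("in host process:   %d\n", plugin_reads_file());
    printf("in confined child: %d\n", run_confined(plugin_reads_file));
    return 0;
}
```

The limit only stops new descriptors from being opened: descriptors the child inherited stay usable, and path-based calls such as `unlink()` are unaffected, so this is one restriction and not a complete sandbox.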


