Is there any way through which we can control which all APIs of a library are exposed to the programmer? suppose I use glibc and want a control over certain critical API's ... i.e. I dont want any developer using this library to develop code, access to critical system calls such as fork, kill etc.
How can it be done? Please Help.
Thanks
It's irrelevant to security, what if those were implemented in the application itself? what you really want is to be able to limit the system calls the application can make.
Two widely available methods are seccomp and selinux. The former is pretty simple, it just puts the application into an state where it can only do safe operations (read, write, etc.).