We are working on improving LD_AUDIT support, which is the plugin API
of
the dynamic loader. It can in theory be used to implement such things.
Depending on the threat model, then DT_BIND_NOW and/or LD_PRELOAD
can be used to find the desired instance of dlsym(). If the threats include
"just in time" modification of the instruction stream, then you must control
the system calls execve, mmap, mprotect, and ptrace.
--