For more half-baked ideas, see the ideas tag.
dlopen and LD_PRELOAD are crude tools.
It should be possible to load any ELF binary or library into a program, introspect it to find out what functions it calls, individually intercept or replace those function calls, and then run it in a controlled, isolated environment where it cannot harm the host program.
I’m going to call this idea “ELF VM”. I’m using “VM” here in the “JVM” sense (not the “KVM” sense).
One particular use I have for this is to run programs using an alternate API; for example replacing POSIX API calls like open/read/write/chmod/… with libguestfs API calls. One would load up the target binary into the ELF VM, introspect it to find out what functions it uses, and then replace them or give an error if we don’t know how to replace them. And finally run the binary, but safely and controllably (it wouldn’t be able to overwrite the host program and you could control how much CPU time it could use).
Valgrind already runs binaries in a VM/emulator like this, although not (AFAIK) in a way that I can take that work and apply it in other areas.