
Is there any set of compiler parameters that can be used to prevent a C++ program from having any access to most system functions, leaving it with access to read/write to stdin/stdout, but otherwise unable to harm the system?

This strikes me as being useful for systems such as a homework submission server or an online "tryit" server.

Stack Tracer
  • I don't think this would be done by the compiler, but instead sandboxing could be used at runtime. – multithr3at3d Apr 30 '18 at 02:39
  • @multithr3at3d, well my assumption is that disabling all of the libraries that allow a program to access the system (e.g. file access) would allow the program to be effectively sandboxed at compile-time. – Stack Tracer Apr 30 '18 at 03:21

1 Answer

Providing such restrictions is usually not considered the task of a compiler, and it would be very hard to do anyway. Even if only a restricted set of libraries were available for linking, it would still be possible to call directly into syscalls, i.e. no library is needed.

For the use case you envision (homework submission), one should instead execute the generated program inside some restricted environment, i.e. sandboxing it within a virtual machine, a container or similar. In the simplest case you might run the code as a different and restricted user, but then you should be really sure that your system is not exploitable by a low-privileged user.

But there is another interesting use case, where the developers themselves want to restrict the abilities of the program in order to reduce the impact of possible bugs in the program. Here, technologies like pledge, seccomp or similar allow the program to explicitly give up the ability to do specific system calls (which can never be gained again), so that a bug in the program cannot be used to cause much harm.

The last idea, where the program restricts itself, could also be used in your use case to enable such restrictions before main gets called. One might do this by having a different compiler runtime or other ways to execute code before main. Personally I would have much less trust in such a solution, since much more can go wrong compared to running inside a real sandbox.

See also this question at Unix & Linux, where the OP tries to solve a similar problem and where a solution using seccomp is described in detail.

Steffen Ullrich
  • Well, couldn't the usage of syscalls also be disabled (outside of, say, a single library which provided a restricted subset of IO)? – Stack Tracer Apr 30 '18 at 04:12
  • I'd rather not have to resort to using a VM, due to performance reasons (and also the overhead of needing to have hundreds of VMs), but seccomp looks interesting, if there's a way to force it into the program... – Stack Tracer Apr 30 '18 at 04:17
  • @StackTracer: see updated answer. – Steffen Ullrich Apr 30 '18 at 04:24
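The self-restriction the answer describes, written out as an added example (not code from the question or the answer): a raw seccomp-BPF allow-list that leaves a Linux process only read, write and exit_group, installed through prctl without libseccomp. It assumes a Linux x86_64 or aarch64 kernel; in the homework-server scenario install_filter would be called from an __attribute__((constructor)) so it runs before main, and run_under_filter is a hypothetical helper that forks a child to show the filter working.

```c
#include <stddef.h>
#include <unistd.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

#if defined(__x86_64__)
#define SECCOMP_ARCH AUDIT_ARCH_X86_64
#else /* assumes aarch64 otherwise; add the AUDIT_ARCH_* value for other CPUs */
#define SECCOMP_ARCH AUDIT_ARCH_AARCH64
#endif

/* Allow-list: only read, write, exit_group pass; any other syscall, or one made via a foreign ABI, kills. */
static struct sock_filter filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SECCOMP_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install the filter; once applied, the process can never remove or loosen it. */
static int install_filter(void) {
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1; /* required without CAP_SYS_ADMIN */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == 0 ? 0 : -1;
}

/* Hypothetical demo helper: 1 = child stayed on the allow-list and exited 0, 2 = SIGSYS killed it, -1 = no seccomp. */
static int run_under_filter(int attempt_forbidden) {
    int status; pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) {
        if (install_filter() != 0) _exit(2);
        if (write(STDOUT_FILENO, "sandboxed\n", 10) < 0) _exit(3); /* write: allowed */
        if (attempt_forbidden) syscall(SYS_getpid);                /* not listed: process is killed */
        _exit(0);                                                   /* exit_group: allowed */
    }
    if (waitpid(pid, &status, 0) != pid) return 0;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 2;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 2) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 1 : 0;
}
```

Note that a real C++ runtime needs more than these three syscalls (malloc uses brk/mmap, for instance), so the allow-list has to be widened to whatever the runtime actually issues; anything missing shows up as a SIGSYS kill, which is the safe failure direction.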