diff --git a/.gitignore b/.gitignore
index f92c2ae..fd117b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@ test/.pt.db
 *compile_commands.json
 test/perf*
 test/callgraph*
+test/openers
 src/gui/ui/*
 src/gui/*.o
 src/gui/icfs_dialogue
diff --git a/test/opener/Makefile b/test/opener/Makefile
new file mode 100644
index 0000000..1254625
--- /dev/null
+++ b/test/opener/Makefile
@@ -0,0 +1,81 @@
+SHELL=/bin/bash
+
+# configurable options
+
+ifndef ($(SOURCES_DIR))
+	SOURCES_DIR := .
+endif
+
+ifndef ($(TESTS_DIR))
+	TESTS_DIR := .
+endif
+
+ifndef ($(BUILD_DIR))
+	BUILD_DIR := .
+endif
+
+CC := gcc
+CXX := g++
+
+NAME := opener
+
+# dependencies
+
+PACKAGE_NAMES :=
+
+ifeq ($(TEST), 1)
+	#	PACKAGE_NAMES += check # TODO: use check?
+endif
+
+
+# set up cflags and libs
+
+CFLAGS :=
+LDFLAGS :=
+
+ifneq ($(PACKAGE_NAMES),)
+	CFLAGS += $(shell pkg-config --cflags $(PACKAGE_NAMES))
+	LDFLAGS += $(shell pkg-config --libs $(PACKAGE_NAMES))
+endif
+
+ifeq ($(DEBUG),1)
+	CFLAGS += -O0 -pedantic -g -Wall -Wextra -Wcast-align \
+						-Wcast-qual -Wdisabled-optimization -Wformat=2 \
+						-Winit-self -Wlogical-op -Wmissing-declarations \
+						-Wmissing-include-dirs -Wredundant-decls -Wshadow \
+						-Wsign-conversion -Wstrict-overflow=5 \
+						-Wswitch-default -Wundef -Wno-unused
+	LDFLAGS += 
+else
+	CFLAGS += -O3
+	LDFLAGS +=
+endif
+
+
+# set up targets 
+
+TARGETS := $(BUILD_DIR)/$(NAME)
+
+ifeq ($(TEST), 1)
+	TARGETS += $(NAME)_test
+endif
+
+
+# build!
+
+default: $(TARGETS)
+
+.PHONY: clean $(NAME)_test
+
+$(NAME)_test: $(BUILD_DIR)/$(NAME)
+	echo "No tests defined."
+	#$(BUILD_DIR)/$(NAME)
+
+$(BUILD_DIR)/$(NAME): $(BUILD_DIR)/$(NAME).o
+	$(CC) $(CFLAGS) $^ $(LDFLAGS) -o $(BUILD_DIR)/$(NAME)
+
+$(BUILD_DIR)/$(NAME).o: $(SOURCES_DIR)/$(NAME).c
+	$(CC) $(CFLAGS) -c $< $(LDFLAGS) -o $(BUILD_DIR)/$(NAME).o
+
+clean:
+	rm $(BUILD_DIR)/*.o $(BUILD_DIR)/$(NAME)
diff --git a/test/opener/opener.c b/test/opener/opener.c
new file mode 100644
index 0000000..1cd4fb5
--- /dev/null
+++ b/test/opener/opener.c
@@ -0,0 +1,20 @@
+
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <unistd.h>
+int main(int argc, char *argv[]) {
+  if (argc != 2) {
+    fprintf(stderr, "Usage: ./opener [FILENAME]");
+    return 1;
+  }
+
+  int fd = open(argv[1], O_RDWR | O_CREAT);
+  if (fd == -1) {
+    perror("Cannot open file");
+    return 1;
+  }
+  close(fd);
+
+  return 0;
+}
diff --git a/test/test.bash b/test/test.bash
index 14c20f1..698530f 100755
--- a/test/test.bash
+++ b/test/test.bash
@@ -9,6 +9,17 @@ touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth
 chmod 777 ./protected/perm777 ./protected/perm000
 echo "Free code, free world." >./protected/motto
 
+rm -rf ./openers
+mkdir openers
+make -C ./opener || (
+  echo "Could not make the opener program."
+  exit 1
+)
+for i in {1..10}; do
+  cp ./opener/opener "./openers/opener$i"
+  ln --symbolic "$(realpath "./openers/opener$i")" "./openers/symlinked_opener$i"
+done
+
 # set up the fake-zenity
 
 PATH="$(realpath ./mock/):$PATH"
@@ -28,6 +39,7 @@ if [[ $1 == "--setuid" ]]; then
 else
   echo "Database protection will not be tested due to the lack of setuid capabilites."
   echo "To test it, run this script with '--setuid'."
+  #valgrind --leak-check=full -s ../build/icfs -o default_permissions -o debug ./protected ./.pt.db 2>&1 | grep "==\|zenity\|Permission\|column\|callback" &
   valgrind --leak-check=full -s ../build/icfs -o default_permissions ./protected ./.pt.db &
   sleep 5
 fi
@@ -39,85 +51,105 @@ fi
 
 # create files
 
-zenity --set-fake-response no
+icfs_dialogue --set-fake-response no
 truncate -s 0 ./protected/should-exist-anyway 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
 
-zenity --set-fake-response yes_tmp
+icfs_dialogue --set-fake-response yes
 truncate -s 0 ./protected/should-exist 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: truncate cannot create protected/should-exist despite access being permitted!" # OK
 
 # write to files
 
-zenity --set-fake-response no
+icfs_dialogue --set-fake-response no
 sed -e 'a\'"Linux is a cancer that attaches itself in an intellectual property sense to everything it touches." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: echo can write to protected/lie despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 
-zenity --set-fake-response yes_tmp
+icfs_dialogue --set-fake-response yes
 sed -e 'a\'"Sharing knowledge is the most fundamental act of friendship. Because it is a way you can give something without loosing something." "./protected/truth" 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: echo cannot write to protected/truth despite access being permitted!" # OK
 
 # Read files
 
-zenity --set-fake-response no
+icfs_dialogue --set-fake-response no
 cat ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: cat can read protected/this-only despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 
-zenity --set-fake-response yes_tmp
+icfs_dialogue --set-fake-response yes
 cat ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: echo cannot create protected/this-only despite access being permitted!" # "Free code, free world."
 
 # remove files
 
-zenity --set-fake-response no
+icfs_dialogue --set-fake-response no
 rm ./protected/do-not-remove >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: rm can unlink protected/do-not-remove despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
 
-zenity --set-fake-response yes_tmp
+icfs_dialogue --set-fake-response yes
 rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: rm cannot unlink protected/should-be-removed despite access being permitted!" # OK
 
 # rename files
 
-zenity --set-fake-response no
+icfs_dialogue --set-fake-response no
 mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null &&
   echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
-zenity --set-fake-response yes_tmp
+icfs_dialogue --set-fake-response yes
 mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK
 
 # change permissions
 
-zenity --set-fake-response no
+icfs_dialogue --set-fake-response no
 chmod 000 ./protected/perm777 2>/dev/null &&
   echo "[ICFS-TEST]: chmod can change permissions of protected/perm777 despite access being denied!" ||
   echo "[ICFS-TEST]: OK" # EACCESS
-zenity --set-fake-response yes_tmp
+icfs_dialogue --set-fake-response yes
 chmod 000 ./protected/perm000 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: chmod cannot change permissions of protected/perm000 despite access being permitted!" # OK
 
 # test permanent permissions
 
-zenity --set-fake-response yes
-cat ./protected/motto >/dev/null 2>/dev/null &&
+icfs_dialogue --set-fake-response yes_perm
+openers/opener1 ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
+  echo "[ICFS-TEST]: openers/opener1 cannot read protected/motto despite access being permitted!" # OK
 
-zenity --set-fake-response no # this should be ignored
-cat ./protected/motto >/dev/null 2>/dev/null &&
+icfs_dialogue --set-fake-response no # this should be ignored
+openers/opener1 ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
-  echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
+  echo "[ICFS-TEST]: openers/opener1 cannot read protected/motto despite access being permitted!" # OK
+
+icfs_dialogue --set-fake-response no # this should be ignored
+openers/symlinked_opener1 ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: OK" ||
+  echo "[ICFS-TEST]: openers/symlinked_opener1 cannot read protected/motto despite access being permitted!" # OK
+
+icfs_dialogue --set-fake-response no_perm
+openers/opener2 ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: openers/opener2 can read protected/motto despite access being denied!" ||
+  echo "[ICFS-TEST]: OK" # EACCESS
+
+icfs_dialogue --set-fake-response yes # this should be ignored
+openers/opener2 ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: openers/opener2 can read protected/motto despite access being denied!" ||
+  echo "[ICFS-TEST]: OK" # EACCESS
+
+icfs_dialogue --set-fake-response yes # this should be ignored
+openers/symlinked_opener2 ./protected/motto >/dev/null 2>/dev/null &&
+  echo "[ICFS-TEST]: openers/symlinked_opener2 can read protected/motto despite access being denied!" ||
+  echo "[ICFS-TEST]: OK" # EACCESS
 
 # test database access
 if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then