diff --git a/src/ioslaves/file/fdreceiver.cpp b/src/ioslaves/file/fdreceiver.cpp
--- a/src/ioslaves/file/fdreceiver.cpp
+++ b/src/ioslaves/file/fdreceiver.cpp
@@ -71,9 +71,28 @@
 {
     int client = ::accept(m_socketDes, NULL, NULL);
     if (client > 0) {
-        FDMessageHeader msg;
-        if (::recvmsg(client, msg.message(), 0) == 2) {
-            ::memcpy(&m_fileDes, CMSG_DATA(msg.cmsgHeader()), sizeof m_fileDes);
+        // Receive fd only if socket owner is root (our setuid helper)
+        bool acceptConnection = true;
+#if defined(__linux__)
+        ucred cred;
+        socklen_t len = sizeof(cred);
+        if (getsockopt(client, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 || cred.uid != 0) {
+            acceptConnection = false;
+        }
+#elif defined(__FreeBSD__) || defined(__APPLE__)
+        uid_t uid;
+        gid_t gid;
+        if (getpeereid(m_socketDes, &uid, &gid) != 0 && uid != 0) {
+            acceptConnection = false;
+        }
+#else
+#warning Cannot get socket credentials!
+#endif
+        if (acceptConnection) {
+            FDMessageHeader msg;
+            if (::recvmsg(client, msg.message(), 0) == 2) {
+                ::memcpy(&m_fileDes, CMSG_DATA(msg.cmsgHeader()), sizeof m_fileDes);
+            }
         }
         ::close(client);
     }