=== modified file 'TODO'
--- TODO	2014-08-09 13:12:55 +0000
+++ TODO	2014-08-09 23:37:07 +0000
@@ -32,7 +32,6 @@
 ** TODO [#B] use scandir(3) instead of readdir(3)
 
 * askpass-fifo
-** TODO [#B] Drop privileges after opening FIFO.
 
 * password-prompt
 ** TODO [#B] lock stdin (with flock()?)

=== modified file 'plugins.d/askpass-fifo.c'
--- plugins.d/askpass-fifo.c	2014-03-29 02:38:15 +0000
+++ plugins.d/askpass-fifo.c	2014-08-09 23:37:07 +0000
@@ -23,7 +23,7 @@
  */
 
 #define _GNU_SOURCE		/* TEMP_FAILURE_RETRY() */
-#include <sys/types.h>		/* ssize_t */
+#include <sys/types.h>		/* uid_t, gid_t, ssize_t */
 #include <sys/stat.h>		/* mkfifo(), S_IRUSR, S_IWUSR */
 #include <iso646.h>		/* and */
 #include <errno.h>		/* errno, EACCES, ENOTDIR, ELOOP,
@@ -44,6 +44,8 @@
 #include <string.h> 		/* strerror() */
 #include <stdarg.h>		/* va_list, va_start(), ... */
 
+uid_t uid = 65534;
+gid_t gid = 65534;
 
 /* Function to use when printing errors */
 __attribute__((format (gnu_printf, 3, 4)))
@@ -74,6 +76,9 @@
   int ret = 0;
   ssize_t sret;
   
+  uid = getuid();
+  gid = getgid();
+  
   /* Create FIFO */
   const char passfifo[] = "/lib/cryptsetup/passfifo";
   ret = mkfifo(passfifo, S_IRUSR | S_IWUSR);
@@ -119,6 +124,16 @@
     }
   }
   
+  /* Lower group privileges  */
+  if(setgid(gid) == -1){
+    error_plus(0, errno, "setgid");
+  }
+  
+  /* Lower user privileges */
+  if(setuid(uid) == -1){
+    error_plus(0, errno, "setuid");
+  }
+  
   /* Read from FIFO */
   char *buf = NULL;
   size_t buf_len = 0;