diff --git a/runner.c b/runner.c
index 573d2b3..ecd17c2 100644
--- a/runner.c
+++ b/runner.c
@@ -167,6 +167,13 @@ int run(struct config *config, struct result *result) {
             ERROR(DUP2_FAILED);
         }
 
+        if (setuid(NOBODY_UID) == -1) {
+            ERROR(SET_UID_FAILED);
+        }
+        if (setgid(NOBODY_GID) == -1) {
+            ERROR(SET_GID_FAILED);
+        }
+
         if (config->use_sandbox) {
             // load seccomp rules
             ctx = seccomp_init(SCMP_ACT_KILL);
diff --git a/runner.h b/runner.h
index f60ffd3..ae6ee00 100644
--- a/runner.h
+++ b/runner.h
@@ -22,6 +22,8 @@
 #define DUP2_FAILED 6
 #define EXCEVE_FAILED 7
 #define LOAD_SECCOMP_FAILED 8
+#define SET_UID_FAILED 9
+#define SET_GID_FAILED 10
 
 #define CPU_TIME_LIMIT_EXCEEDED 1
 #define REAL_TIME_LIMIT_EXCEEDED 2
@@ -31,6 +33,9 @@
 
 #define ERROR(code) raise(SIGUSR1);return code
 
+#define NOBODY_UID 65534
+#define NOBODY_GID 65534
+
 struct result {
     int cpu_time;
     long memory;