diff --git a/cmd/fsu/main.go b/cmd/fsu/main.go
index 99c25c9..af0315e 100644
--- a/cmd/fsu/main.go
+++ b/cmd/fsu/main.go
@@ -35,11 +35,20 @@ func main() {
 log.Fatal("this program must not be started by root")
 }
 
- // check compiled in fortify path
+ // validate compiled in fortify path
 if FortifyPath == fpPoison || !path.IsAbs(FortifyPath) {
 log.Fatal("invalid fortify path, this copy of fsu is not compiled correctly")
 }
 
+ pexe := path.Join("/proc", strconv.Itoa(os.Getppid()), "exe")
+ if p, err := os.Readlink(pexe); err != nil {
+ log.Fatalf("cannot read parent executable path: %v", err)
+ } else if strings.HasSuffix(p, " (deleted)") {
+ log.Fatal("fortify executable has been deleted")
+ } else if p != FortifyPath {
+ log.Fatal("this program must be started by fortify")
+ }
+
 // uid = 1000000 +
 // fid * 10000 +
 // aid
diff --git a/package.nix b/package.nix
index 4293f47..b2c72f6 100644
--- a/package.nix
+++ b/package.nix
@@ -21,7 +21,7 @@ buildGoModule rec {
 "-X"
 "main.Version=v${version}"
 "-X"
- "main.FortifyPath=${placeholder "out"}/bin/fortify"
+ "main.FortifyPath=${placeholder "out"}/bin/.fortify-wrapped"
 ];
 
 buildInputs = [
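Review bot: In cmd/fsu/main.go the new parent check at `p != FortifyPath` compares the text of the `/proc/<ppid>/exe` link, which shows the path name the parent was executed from but not that it is the same file as the installed fortify binary. The ` (deleted)` test is also string parsing of kernel output and runs before the path comparison, so any parent whose executable was unlinked is reported as "fortify executable has been deleted", whether or not it was fortify. Comparing file identity covers both cases without parsing, by calling `os.Stat` on the proc link and on `FortifyPath` and requiring `os.SameFile`, as sketched below. Either form identifies the parent's binary and not the integrity of the parent process, and `os.Getppid()` followed by a separate lookup may observe a different process if the parent exits in between (this appears to fail closed), so a one-line comment stating that scope would help. `main` starts before and continues after this hunk.

```go
pexe := path.Join("/proc", strconv.Itoa(os.Getppid()), "exe")
// Compare file identity (device and inode) instead of the link text, so an
// unlinked or replaced executable is rejected without parsing " (deleted)".
pfi, err := os.Stat(pexe)
if err != nil {
	log.Fatalf("cannot stat parent executable: %v", err)
}
ffi, err := os.Stat(FortifyPath)
if err != nil {
	log.Fatalf("cannot stat fortify executable: %v", err)
}
if !os.SameFile(pfi, ffi) {
	log.Fatal("this program must be started by fortify")
}
// … unchanged: uid computation …
```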