Make hard-linked files read-only for safety

diff --git a/doc/MANUAL.adoc b/doc/MANUAL.adoc
index 413e41e651feede3bcc5cb0067a50ca9c06d81ce..be7b0c49ef32dec1b0de0c13be6711bb487aa867 100644 (file)
--- a/doc/MANUAL.adoc
+++ b/doc/MANUAL.adoc
@@ -450,10 +450,12 @@ WARNING: Do not enable this option unless you are aware of these caveats:
 +
 * If the resulting file is modified, the file in the cache will also be
   modified since they share content, which corrupts the cache entry. As of
-  version 4.0, ccache performs a simple integrity check for cached files by
-  verifying that their sizes are correct. This means that mistakes like `strip
-  file.o` or `echo >file.o` will be detected, but a modification that doesn't
-  change the file size will not.
+  version 4.0, ccache makes stored and fetched object files read-only as a
+  safety measure guard. Furthermore, a simple integrity check is made for
+  cached object files by verifying that their sizes are correct. This means
+  that mistakes like `strip file.o` or `echo >file.o` will be detected even if
+  the object file is made writeable, but a modification that doesn't change the
+  file size will not.
 * Programs that don't expect that files from two different identical
   compilations are hard links to each other can fail.
 * Programs that rely on modification times (like ``make'') can be confused if

diff --git a/src/result.cpp b/src/result.cpp
index d78d1981c9f6834214aa9be69dd8eeb5eeb0fa1c..366405a0037b443687bf5a17eba2c4faa1ae1b9f 100644 (file)
--- a/src/result.cpp
+++ b/src/result.cpp
@@ -237,6 +237,9 @@ copy_raw_file(const Context& ctx,
     cc_log("Hard linking %s to %s", source.c_str(), dest.c_str());
     int ret = link(source.c_str(), dest.c_str());
     if (ret == 0) {
+      if (chmod(dest.c_str(), 0444) != 0) {
+        cc_log("Failed to chmod: %s", strerror(errno));
+      }
       return true;
     }
     cc_log("Failed to hard link: %s", strerror(errno));