So - we might get this convenient, but unsafe feature of auto-mounting drives in DOSBox.

We already have a built-in warning againt mounting C:\.

Maybe it is time to consider a general way of identifying safe and unsafe actions in DOSBox? I am thinking of something like what the Miranda (a multiprotocol IM-client) is doing.

When Miranda starts, it looks one or more autoexec_*.ini files.

I carry my Miranda aorund with me on an USB-stick, and use location-specific autoexec-files to automatically disable and enable different protocols, select different anti-virus software (for scanning downloaded files), and change paths. All potential dangerous stuff.

Per default, Miranda will pop up warnings for each and every autoexec_*.ini found, asking if it should be executed. It will also ask about changes done to its internal configuration database, unless the configuration items are considered "safe" (e.g. a cosmetic changes likes skins, fonts, and colours). Per default any changes that relate to the IM-protocols (e.g. login-names, passwords, connect status) are considered unsafe.

For DOSBox, it might be worth considering a similar approach. Changes to the language, machine, and memsize in the dosbox-section should be safe, but changes to the capture-directory is not (could be used to overwrite data).

Changes to the render-section, cpu-section, sound emulation and XMS/EMS/UBM seems safe. Changes to ipx, serial and parallel-port sections - maybe... Probably safe too.

But changes to an mounting-section (e.g. don't warn about mounting the real C: drive), allow auto-mounting of write-able drives, network drives, etc, should definitely be considered unsafe.

But sometimes, you actually want to make those kinds of changes in a quiet, unobtrusisive way, without pops-up asking for permission to apply the changes. Like when I launch Miranda on my work-PC and need to disable all but 2 of my MSN Messenger logins, change my virus-scanning command to Norton, and change my status-message to "At work".

Thankfully, Miranda always starts out by reading a mirandaboot.ini file, where you can override the defaults for which changes that are safe, which that are unsafe, whether to apply the configuration changes silently, ask for permission, or silently do the bidding of the autoexec_*.ini files. In my case, this boot-file looks like this:

1[AutoExec]
2Unsafe=MSN MSN_2 MSN_3 YAHOO YAHOO_2 AIM ICQ IRC IRC_2 JABBER
3OverrideSecurityFilename=autoexec_FileIsSecure.ini
4Warn=all

It tells Miranda, that all changes to the configuration of the IM-protocols are unsafe, and that I should be prompted for permission for each and every change to my protocol settings.

But - it also tells Miranda, that all the changes done in the autoexec_FileIsSecure.ini file is to be considered safe (and therefore I will not be subject to popups and warnings).

Detailed information about the Miranda boot.ini file and the options it gives for silently allowing unsafe operations can be found here.

Would it be a good idea to have something similar for DOSBox? A boot.conf that declares if command-line options, auto-mounting, and enabling IPX are safe or not? And how unsafe actions are to be handled? Ignore, prompted, or silently executed.