First post, by tbtom
I'm using DOSBox (on macOS, but I believe the issue is not specific to one operating system), and it seems that in DOSBox I can mount arbitrary paths from my file system and access them – including for destructive operations.
A typical usage example might look something like:
    mount C /my/favourite/dos/game
    C:
    play
which is all good and nice assuming that play doesn't run harmful/malicious code, but is there anything preventing it from doing things like
    mount D /very/important/files
    D:
    del *.*
?
I wrote a similar PLAY.BAT and ran it without problems, observing that it indeed deleted files outside the directory manually mount-ed by the user.
I tried to find a config setting to restrict the paths that can be mounted or to specify mounts to be made upon loading DOSBox and disable mount-ing from within DOSBox itself, but couldn't find any. Is there such a setting, and/or any other remedy to this severe vulnerability?
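
A configuration that addresses the question above, as an added example that is not part of the original post: DOSBox's CONFIG command has a -securemode switch that disables the internal MOUNT, IMGMOUNT and BOOT commands until DOSBox is restarted, so the mounts can be fixed in the [autoexec] section of dosbox.conf before the untrusted program starts. The path and program name are the post's own placeholders.

```ini
# dosbox.conf fragment (constructed example, not from the original post)

[autoexec]
# Weak form, shown commented out: after these lines PLAY.BAT can still
# issue its own MOUNT for any host path the DOSBox process can reach.
#   mount C /my/favourite/dos/game
#   C:
#   play

# Locked form: do every mount first, then switch to secure mode
# BEFORE handing control to the untrusted program.
mount C /my/favourite/dos/game

# Disables MOUNT, IMGMOUNT and BOOT for the rest of this session;
# it can only be undone by restarting DOSBox.
config -securemode

C:
play
```

Secure mode only stops new mounts: the directory already mounted as C: stays writable by the guest program, so mount only the game's own directory (or a copy of it).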