Allow longer commandlines in MOUNT and IMGMOUNT.

Fix crash reported by MiniMax (mount -u 0). Fix bug reported by Tearex ("config -get" broken). Add some protection that makes it harder to mount a directory from within an executable. Add some protection to make mounting from command /c much harder. Add a securemode commandline switch to config and dosbox that should make it impossible to mount a location when this isn't wanted by the user. (Addresses concerns of CVE-2007-6328) Update documentation to reflect this. Imported-from: https://svn.code.sf.net/p/dosbox/code-0/dosbox/trunk@3114
2008-03-02 11:13:47 +00:00 · 2008-03-02 11:13:47 +00:00 · 3f2e4fbd83
commit 3f2e4fbd83
parent f2c40b9407
9 changed files with 156 additions and 38 deletions
--- a/15
+++ b/15
@ -273,7 +273,8 @@ description:

 dosbox [name] [-exit] [-c command] [-fullscreen] [-conf congfigfile] 
       [-lang languagefile] [-machine machinetype] [-noconsole]
-       [-startmapper] [-noautoexec] [-scaler scaler | -forcescaler scaler]
+       [-startmapper] [-noautoexec] [-securemode] 
+       [-scaler scaler | -forcescaler scaler]
       
 dosbox -version

@ -318,6 +319,11 @@ dosbox -version
  -noautoexec
        Skips the [autoexec] section of the loaded configuration file.

+  -securemode
+        Same as -noautoexec, but adds config.com -securemode at the 
+        bottom of AUTOEXEC.BAT (which in turn disables any changes to how
+        the drives are mounted inside DOSBox)
+
  -scaler scaler
        Uses the scaler specified by "scaler". See the DOSBox configuration
        file for the available scalers.
@ -469,6 +475,7 @@ MEM

 CONFIG -writeconf localfile
 CONFIG -writelang localfile
+CONFIG -securemode
 CONFIG -set "section property=value"
 CONFIG -get "section property"

@ -491,6 +498,12 @@ CONFIG -get "section property"
       The language file controls all visible output of the internal commands
       and the internal DOS.

+  -securemode
+       Switches DOSBox to a more secure mode. In this mode the internal 
+       commands MOUNT, IMGMOUNT and BOOT won't work. It's not possible either
+       to create a new configfile or languagefile in this mode.
+       (Warning you can only undo this mode by restarting DOSBox.)
+
  -set "section property=value"
       CONFIG will attempt to set the property to new value. At this moment
       CONFIG can not report whether the command succeeded or not.