Improve and harden list_active

An upcoming commit will introduce support for the BOSUN_DIR environment
variable that allows users (and, crucially, the upcoming test suite) to
override the default role directory. Since we have previously assumed
that we are in full control of STOW_DIR, we now have to be more careful.

Revamp list_active such that the sed invocation no longer gets any user
input. This should protect against any nefarious contents in BOSUN_DIR.

The new approach used by list_active relies on 'realpath', a GNU-only
coreutils program, and its '--relative-base' option which prints
absolute paths unless they are below a given directory. This allows us
to filter symbolic links that do not point to a path within BOSUN_DIR.

0 files changed, 0 insertions, 0 deletions