PerlMonks  

Re: Re: change process's effective uid

by sierrathedog04 (Hermit)
on Feb 11, 2001 at 00:28 UTC ( [id://57659]=note )


in reply to Re: change process's effective uid
in thread change process's effective uid

My related question is when it is ever safe to use suid to change the user id of an Apache Perl CGI script to a user with some administrative privileges.

I want to use Lincoln Stein's user_manage Perl module to allow Apache users to remotely change their own passwords. Stein provides some different ways to do it. One way involves:

Designate a directory that will hold the various password and group files, for example /etc/httpd/security. Make it owned and writable by a specially-designated "web administrator" account, for example "www". Now, running as root, change the ownership of user_manage to "www" and set its "s" bit:

Is there any danger in doing so? My concern is that the user_manage documentation may be assuming that "everyone knows" not to engage in a particular coding practice when running suid, but I am still a beginner (<1 year Perl/Unix) and I don't know. I intend to use CGI.pm param() to parse the form variables after they are submitted, and I intend to avoid doing foolish things like

    my $form_variable = param("form_variable");
    `$form_variable`;

I also will prevent users from uploading form variables which contain values other than letters and numbers. Just to be safe, I may also ban words like 'eval' and 'system' from form variables along with parentheses and backticks.
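
Added example, not part of the original post: a sketch of the letters-and-digits allowlist the post describes, written so that it also untaints the value under Perl's taint mode. The helper name clean_param, the 32-character limit and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the original post. Deploy with -T on the #! line;
# Perl also enables taint mode by itself when real and effective uid differ.
use strict;
use warnings;

# Environment cleanup recommended by perlsec before any external program runs.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumed policy: 1 to 32 ASCII letters or digits, nothing else.
# \A and \z anchor the whole string; a trailing '$' would also accept "name\n".
my $ALLOWED = qr/\A([A-Za-z0-9]{1,32})\z/;

# Hypothetical helper: returns the validated value, or undef if it is rejected.
# Under taint mode the $1 capture is what yields an untainted copy.
sub clean_param {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ $ALLOWED ? $1 : undef;
}

# Constructed sample values standing in for what CGI.pm's param() returns.
my @samples = ('alice42', "alice42\n", 'bob smith', 'a(b)', '`x`', 'eval', '', 'a' x 33);

for my $raw (@samples) {
    my $ok = clean_param($raw);
    (my $shown = $raw) =~ s/\n/\\n/g;
    printf "%-36s %s\n", "'$shown'", defined $ok ? 'accepted' : 'rejected';
}
# 'eval' is accepted: it is only letters, and it stays harmless as long as the
# value is treated as data and never interpolated into eval, system or backticks.
```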
