I don't see why you should get flamed for asking this. On the contrary, everyone should get feedback on security issues before writing CGI programs :-)

My answer is: it depends on the setup, and what you do with the directory afterwards. Judging from your previous post, I assume that is going to be your "list of valid subdirectories".

Are these directories predefined and created by you? If they are not (i.e. they can be created by users) then you should be careful with them, even if they pass your "validity" check. I think using -d is OK because it does not interpret any metacharacters AFAIK, but if you later use that name in something that does (like open or system), you will get in trouble if you don't sanitize the names before allowing them to pass.

If the valid directories can only be created by you, as long as you are careful with their names, I think you should be OK. In any case, it's best if you do something to untaint the data before using it in any possibly vulnerable commands.

--ZZamboni

In reply to Re: Possible Security Problem by ZZamboni
in thread Possible Security Problem by Stamp_Guy

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.