I think the results you get from File::Find are tainted. This is good as you don't want to have unexpected filenames and don't want to change them to (even) 664. Also, operating on $_ works, but I prefer operating on $File::Find::name, as having absolute filenames is much better in error messages. I would look at perlsec and do something like the following:

sub setperms {
    my $fn = $File::Find::name;
    my $untained_fn;
    my $mode;
    if ($fn =~ m!^(\Q$baseDir\E([/\w.]+)\z!) {
        $untainted_fn = $1;
        $mode = 0664;
    } else {
        $fn =~ m!^(.*)$!;
        $untainted_fn = $1;
        $mode = 0000;
        warn "File name '$untainted_fn' does not match criteria, setti
+ng mode to 0.";
    };

    chmod($untained_fn,$mode) or die "Couldn't change '$untainted_fn' 
+to $mode: $!";
};
[download]

Also, you should really, really consider whether you want to have any script that runs as root accessible from the outside of your computer. I recommend having that script run from a cron job and having as the CGI program a program that just appends filenames to a list.