Mark writes:
The user mailman has its plain text password written into the mailman.cfg file. If that is a potential weakness,
It is. I may have some answers for that one in a few months (current project has a goal of storing all secrets in a secure vault, so that would mean enabling Mailman 3 to take advantage of such a vault).
would making mailman NOT the owner reduce vulnerability by a degree (in that objects could not be created in the public schema by using mailman's credentials)?
Yes, but I don't really see what attacks that would enable. I guess you could store credit card numbers and malware there almost indetectably, but getting them out still requires host access.
Of course I would have a whole world of other problems if those credentials were misused, so I guess it's a bit theoretical anyhow.
Yes. I can think of many ways to abuse access to the existing data much more easily than how to abuse data that doesn't exist from the point of view of any application on the host. :-)