Why is DAC inadequate?
-
Decisions are only based on user identity and ownership
-
No protection against malicious software
-
Each user has complete discretion over his objects
-
Only two major categories of users: superuser and other
-
Many system services and privileged programs must run with
coarse-grained privileges if not as superuser