First page Back Continue Last page Overview Text


DAC is what we have today.
Every program runs with the complete permissions of the invoking user and are free to further change permissions or propagate access.
Even in systems that support a notion of privileges aka POSIX.1e capabilities, privileges are very coarse-grained, only process-based, and easily escalated to gain full access.