What is wrong with DAC and unix security?

Programs have full control over the access given to files they create

Therefore no protection against malicious software or "social engineering", and bugs in privileged programs

Too coarse grained (root vs non-root gives boolean security model for many cases)

Security model does not allow tracking of identity across "su" type operations