Usually, only two major user categories are supported by DAC:
DAC model, by its definition, dictates that all requests made on behalf of the superuser3.3 must be granted and that their legitimacy is never questioned. Superuser, as in DAC model, owns all system objects and can, at his own discretion, grant or refuse access privileges to any of them to ``the rest of the world''. Notion of the superuser, as such, represents a single point of vulnerability3.4 in a system.
All other users in a system, popularly named ``the rest of the world'', undergo full DAC checks on every request made on their behalf. Non-superuser users can grant or refuse access privileges to system objects, owned by them, to other users, apart from the superuser to whom all access requests shall always be granted.
As can be suspected, most of the attacks are aimed at programs running under superuser privileges as subverting them means obtaining unlimited access to the host system.
Probably the most widely exploited program, over the past several years, in Linux environment, has been Sendmail, Mail Transport Agent (MTA). Sendmail, by default, runs under superuser privileges. Buffer overflow exploit scripts are available on the Internet, for various versions of Sendmail, that cause the attacked Sendmail to relinquish control to the attacker usually by launching a root shell.