Free Republic

To: ShadowAce

As with most of the big secrets the “overlords” have, the answer is probably much more simple than a technical backdoor.

I have SE turned on. Following a model more like “least privilege”, it denies access to everything, then an SE “policy” is written by the admin and put in place to grant privilege. Linux as delivered comes with appropriate SE policies to function. But once you start writing your own programs or adding in new software, policies have to be written and applied by the administrator to give them access. (SE provides an easy tool that looks at the SE errors the new program generated and generates a policy to allow just what’s needed).

If SE is used reasonably well on a machine/host that is compromised other than full root access, SE presents a stumbling block for the attacker. The example is given in the doc of a situation where Apache is compromised; in that case, Apache would only be able to do what Apache is allowed to do, instead of read every world readable file in the filesystem.

Human beings being inherently lazy, most people at the first sight of difficulty getting their new program to run, simply turn off SE when they find out that SE is preventing their program from accessing a socket, etc.

I’d venture to guess that most machines running Linux don’t have SE turned on, thus, the only things an attacker need do are discover a host IP and compromise a service or password. Since most admins (users) simply make directories and files world readable, the attacker is then free to glean what they want from the filesystem. Also, most folks’ passwords are easily crackable.

Gubmint has both white hats and black hats operating; the world of espionage is one of recursive lies, so undoubtedly both gubmint and private sector black hats are trying to break into the unsuspecting public’s machines.

Here are some examples logged on my web server:

Attempts to use known hacks by 4 hosts were logged 8 time(s) from:
24.103.166.94: 2 Time(s)
^null$ 2 Time(s)
66.186.236.161: 2 Time(s)
^null$ 2 Time(s)
66.206.49.14: 2 Time(s)
^null$ 2 Time(s)
66.239.61.70: 2 Time(s)
^null$ 2 Time(s)

Connection attempts using mod_proxy:
183.60.48.25 -> tcpconn2.tencent.com:443: 3 Time(s)
222.73.10.148 -> 222.73.10.148:9610: 2 Time(s)

A total of 4 sites probed the server
24.103.166.94
66.186.236.161
66.206.49.14
66.239.61.70

Requests with error response codes

/: 6 Time(s)
/asp08111902.rar: 1 Time(s)
/php08112802.rar: 1 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 4 Time(s)
HTTP/1.1: 2 Time(s)
admin/scripts/setup.php: 2 Time(s)
3LZaArATH8x9fh&: 1 Time(s)
/?fp=f%2F7YkxLbdqFzUQ29T6QuhDUn7mdSTBU65R1 ... xoisvflURnYHUw&: 1 Time(s)
/?g1t2h=iii.X1VWa5vBcf1saf.vNs%23zFGFAAtEtE&t1m2k3=&: 2 Time(s)
//php-my-admin/config/config.inc.php?p=phpinfo();: 2 Time(s)
//php-my-admin/index.php: 4 Time(s)
//phpMyAdmin-2.2.3/index.php: 2 Time(s)
//phpMyAdmin-2.2.6/index.php: 2 Time(s)
//phpMyAdmin-2.5.1/index.php: 2 Time(s)
//phpMyAdmin-2.5.4/index.php: 2 Time(s)
//phpMyAdmin-2.5.5-pl1/index.php: 2 Time(s)
//phpMyAdmin-2.5.5-rc1/index.php: 2 Time(s)
//phpMyAdmin-2.5.5-rc2/index.php: 2 Time(s)
//phpMyAdmin-2.5.5/index.php: 2 Time(s)
/?g1t2h=X1VWa5vBcf1saf.JvV%23zFGGHbGFbF&t1m2k3=&: 1 Time(s)
/?g1t2h=X1VWa5vBcf1saf.vNs%23zFGFTFZGbb&t1 ... rxoisvflURnYHUw: 1 Time(s)
/?g1t2h=X1VWa5vBf1saf.Bf5%23zFGFGTzGFF&t1m2k3=&: 4 Time(s)
/?q=user: 1 Time(s)
/HNAP1/: 8 Time(s)
/MIVALine/HighlightKeywords.css: 3 Time(s)
/MyAdmin/scripts/setup.php: 13 Time(s)
/MySQLAdmin/scripts/setup.php: 2 Time(s)
/PHPMYADMIN/scripts/setup.php: 2 Time(s)
/PMA/scripts/setup.php: 1 Time(s)
/PMA2005/scripts/setup.php: 2 Time(s)
/SQL/scripts/setup.php: 2 Time(s)
/SSLMySQLAdmin/scripts/setup.php: 1 Time(s)

We must remember that the people “pulling the strings” subvert organizations like the NSA by controlling the people at the top of the organization, and by making small “organizations within an organization”. Most people in the NSA are simply doing their job and have no idea about any big “evil master plan”. They are just doing their job. They can help the public all day long by making tools like SE Linux - but that won’t thwart the efforts of the “org within an org”.

First of all, as I said, most people turn off SE Linux - the control is available right from within the graphical interface, you don’t even have to go on the command line to turn it off. Just a few clicks, and all your security “issues” “go away”.

Secondly, unix itself is a security nightmare; it’s both complex and at the same time rinky-tink. How many of us go through our entire filesystem and make sure our permissions are right? What about the directories and files under our own /home directory? Most do not keep their files only readable by Owner, so the root password is not needed to read our files. Let alone the operation of all those services, languages, the countless commands: mind-numbing complexity and minutiae. Yet it’s far less of a nightmare than Windows because at least, with enough digging, you can find out what’s going on, even if you have to get down to the kernel source, whilst Windows is just a complete, utter disaster that is a mystery - on purpose!

Every service in the present-day OS architectures offers hacking potential. So it’s far more likely that backdoors are hidden in things like printing services than in the security part of the kernel. Just take for example Apache - there are countless ways to make mistakes in configuring it that will allow intrusions and allow dangerous access once it’s compromised. I literally sat, line by line in the config file, googling each setting along with words relating to hack, vulnerability, etc. It’s a monstrous minefield of pitfalls. Simple rules of thumb - if you don’t need it, don’t install it. Contrary to popular opinion, once you get your machine secure, it’s secure - so don’t keep updating it. Anything you change must be thoroughly researched in order to “wise up” to the vulnerabilities before you make the change. Get your machine configured so that it will not respond to illegitimate requests and keep it that way. An upgrade then becomes a whole new project where one takes the time to once again review everything (all configuration, services, running nmap against it, etc.) - old and new - before you start using your machine for anything.

Lastly, to sum up, perhaps the simplest answer of all is accurate; NSA, and by extension, government, looks great in the public eye in terms of being interested in secure computing by taking the initiative to contribute SE to Linux - most of their employees will echo the comment that the private sector should secure their machines against the threat of some “cyber attack”. Yet - SE can actually be what it says it is (no backdoor), and still not do much at all to stop the “threat of cyber attack”.

The NSA has cover - they’re doing their job. The transnational financial oligarchy and their efforts (manufactured crises, control of leading politicians and diplomats, control of capital, leadership in espionage, etc.) are not impeded by SE at all.


14 posted on 07/26/2013 11:49:42 AM PDT by PieterCasparzen (We have to fix things ourselves)
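The logwatch summary in post 14 is a count of hits against well-known scanner paths (phpMyAdmin `scripts/setup.php`, the DFind `w00tw00t` marker, `/HNAP1/`, open-proxy CONNECT attempts). The script below is an added example, not code from the post or from logwatch: it reads Apache "combined"-format access log lines and tallies which probe families each source address tried. The log lines inside it are constructed to resemble the post's list (RFC 5737 test addresses, made-up timestamps), and the signature names are this example's own.

```python
"""Classify scanner probes in Apache access logs by source IP.

Added example, not code from the post or from any project.  The log lines
below are constructed in Apache "combined" format to resemble the probes the
post's logwatch summary lists (phpMyAdmin setup.php scans, w00tw00t, HNAP1,
open-proxy CONNECT attempts); the signature names are this example's own.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample input (RFC 5737 addresses, invented timestamps).
SAMPLE_LOG = """\
203.0.113.10 - - [26/Jul/2013:10:01:02 -0700] "GET //phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 289 "-" "-"
203.0.113.10 - - [26/Jul/2013:10:01:03 -0700] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 289 "-" "-"
203.0.113.10 - - [26/Jul/2013:10:01:04 -0700] "GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 289 "-" "-"
198.51.100.7 - - [26/Jul/2013:10:05:00 -0700] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226 "-" "-"
198.51.100.7 - - [26/Jul/2013:10:05:01 -0700] "GET /HNAP1/ HTTP/1.1" 404 289 "-" "-"
192.0.2.44 - - [26/Jul/2013:10:07:30 -0700] "CONNECT tcpconn2.tencent.com:443 HTTP/1.1" 405 231 "-" "-"
192.0.2.44 - - [26/Jul/2013:10:07:31 -0700] "GET http://192.0.2.44:9610/ HTTP/1.1" 404 289 "-" "-"
192.0.2.99 - - [26/Jul/2013:10:09:00 -0700] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
192.0.2.99 - - [26/Jul/2013:10:09:01 -0700] "GET /php08112802.rar HTTP/1.1" 404 289 "-" "-"
"""

# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)

# (label, predicate) pairs tried in order; first match wins.  Predicates see the
# HTTP method and the percent-decoded, lower-cased request target.
SIGNATURES = [
    ("proxy-abuse",        lambda m, p: m == "CONNECT" or p.startswith(("http://", "https://"))),
    ("php-code-injection", lambda m, p: "phpinfo()" in p or "eval(" in p),
    ("phpmyadmin-probe",   lambda m, p: "phpmyadmin" in p or "php-my-admin" in p
                                        or "/pma" in p or p.endswith("/scripts/setup.php")),
    ("dfind-scanner",      lambda m, p: "w00tw00t" in p),
    ("hnap-router-probe",  lambda m, p: p.startswith("/hnap1")),
    ("archive-fishing",    lambda m, p: p.endswith((".rar", ".zip", ".sql", ".tar.gz"))),
]


def classify(method, path):
    """Return the first matching probe label, or None for ordinary traffic."""
    p = unquote(path).lower()
    for label, pred in SIGNATURES:
        if pred(method, p):
            return label
    return None


def parse_line(line):
    """Split one combined-format line; None if it is not a log line at all."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("req").split()
    if len(parts) < 2:  # malformed request line, e.g. garbage or a bare "HTTP/1.1"
        method, path = (parts[0] if parts else ""), ""
    else:
        method, path = parts[0], parts[1]
    return {"ip": m.group("ip"), "method": method, "path": path,
            "status": int(m.group("status"))}


def summarize(lines):
    """Map source IP -> {probe label: count}, ignoring unclassified requests."""
    by_ip = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        label = classify(rec["method"], rec["path"])
        if label:
            by_ip[rec["ip"]][label] += 1
    return {ip: dict(c) for ip, c in by_ip.items()}


if __name__ == "__main__":
    for ip, hits in sorted(summarize(SAMPLE_LOG.splitlines()).items()):
        print(ip, dict(sorted(hits.items())))
```

Point it at `/var/log/httpd/access_log` (or whatever `CustomLog` names) and the output is the "sites probed the server" list with the reason attached. The proxy-abuse bucket is worth a separate alert: a CONNECT or absolute-URI request that returns anything other than 4xx/5xx means mod_proxy is answering for strangers, which is the mod_proxy line in the post's report.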


To: PieterCasparzen
All of what you say is true. I will add, though, that SEL does have the ability to lock down a machine so tight that even root cannot bring it down.

That kind of configuration is difficult to implement and can be hard to use. So while we have the tool(s) necessary to make us safe from any snooping (including the "org within an org" government), it is rarely (if ever) used effectively.

15 posted on 07/26/2013 12:08:15 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
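Post 14 describes the SELinux tool that reads the denials a new program generated and writes a policy allowing just what was needed, and post 15 notes how rarely that path is actually followed instead of switching enforcement off. The script below is an added example, not code from either post or from the SELinux project: a simplified version of what `audit2allow` does, so the rules it would load can be read and questioned first. The audit records in it are constructed to look like a confined Apache (`httpd_t`) being denied a MySQL connection and a read of a file under /home; they are not real log data, and the module name `local_httpd` is arbitrary.

```python
"""Turn SELinux AVC denials into the minimal allow rules they imply.

Added example (not code from the posts or from the SELinux project): a
simplified audit2allow, so the policy it would write can be read before
anyone loads it.  The audit records below are constructed to resemble a
confined Apache (httpd_t) being denied a database connection and a read of
a file under /home; they are not real log data.
"""
import re
from collections import defaultdict

# Constructed sample: two AVC records plus one SYSCALL record, as in audit.log.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1374860982.123:4567): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1374860982.123:4567): arch=c000003e syscall=42 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1374860983.456:4568): avc:  denied  { read } for  pid=2345 comm="httpd" name="app.conf" dev="dm-0" ino=131089 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1374860984.789:4569): avc:  denied  { read open } for  pid=2345 comm="httpd" path="/home/web/app.conf" dev="dm-0" ino=131089 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(ctx):
    """user:role:type[:range] -> type, the only field an allow rule names."""
    return ctx.split(":")[2]


def collect_denials(lines):
    """Group denied permissions by (source type, target type, object class)."""
    denials = defaultdict(set)
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH, CWD ... records carry no denial
        key = (context_type(m["scontext"]), context_type(m["tcontext"]), m["tclass"])
        denials[key].update(m["perms"].split())
    return denials


def fmt_perms(perms):
    """One permission bare, several in braces, as policy syntax requires."""
    perms = sorted(perms)
    return perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"


def allow_rules(denials):
    """One 'allow' statement per (source, target, class) triple."""
    return [f"allow {s} {t}:{c} {fmt_perms(p)};" for (s, t, c), p in sorted(denials.items())]


def policy_module(denials, name="local_httpd"):
    """Render a loadable .te module: header, require block, allow rules."""
    types = sorted({x for (s, t, _c) in denials for x in (s, t)})
    classes = defaultdict(set)
    for (_s, _t, c), p in denials.items():
        classes[c].update(p)
    lines = [f"module {name} 1.0;", "", "require {"]
    lines += [f"\ttype {x};" for x in types]
    lines += [f"\tclass {c} {fmt_perms(p)};" for c, p in sorted(classes.items())]
    lines += ["}", ""] + allow_rules(denials)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(policy_module(collect_denials(SAMPLE_AUDIT.splitlines())), end="")
```

On a real host the input is `ausearch -m AVC -ts recent`, and the generated `.te` is compiled and loaded with `checkmodule -M -m -o local_httpd.mod local_httpd.te`, `semodule_package -o local_httpd.pp -m local_httpd.mod`, `semodule -i local_httpd.pp` (which is what `audit2allow -a -M local_httpd` automates). The point of reading the rules first: `allow httpd_t user_home_t:file { open read }` is exactly the permission that lets a compromised Apache read users' home directories, the scenario the post uses as SELinux's selling point. The better fixes are to relabel the web content (`httpd_sys_content_t`) or flip the boolean the policy already provides (`httpd_enable_homedirs`, `httpd_can_network_connect_db` for the MySQL case) rather than widen the httpd domain.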
