Hacker News
by unsignedint 4697 days ago
While this is possible, I believe it'd be extremely unlikely.

Let's say they indeed decided to include something in the code submitted. It's an open source project, and it is just a matter of when someone will catch that. Once someone catches that, it gives them nothing but material evidence that they are up to something there. (And for that matter, it's not that every Linux user will have SELinux enabled to begin with.)


That's why you put it in binary drivers or protocol libraries, where nobody looks anymore.
Exactly, so it's not so productive for NSA to tinker with SELinux just to get their trojan in the gate.

IMNO, hardware backdoor on the processors is a bit skeptical, though. I'm no expert on this but I don't know how easy it is to even exploit this type of backdoor without assistance from the OS kernel. (Which MS might have implemented somehow.)

If properly done in hardware, it needs no help from anything. Think about CPU "data breakpoints" - breakpoints that trigger if a specific value gets written to a specific range.

It's really a no-brainer to make such breakpoints that watch data in memory or registers that will be triggered by (e.g.) just processing a specific DNS packet.

Yeah, I suppose. I thought it'd be a bit more challenging to get the data out. I suppose they could do drop and retrieve, or attach some air-interface, etc.
Once they have root, they can use the existing resources just like you would a regular PC, but chances are they would load their own micro-kernel to do the dirty work.