What are the extra 13 partitions? Root user security concerns?
I [was] running Yosemite 10.10.3 on a Late 2014 iMac Fusion Drive SSD and HDD
This might be a bit confusing, and I need assistance from someone who really knows what they're talking about here.
When messing around trying to secure my system, I enabled the root user to view certain files, and accidentally did not disable it when I was finished. After this, I unknowingly ran my computer for probably a month as the administrator with the root user enabled, and made a number of downloads in the process (which used the same password as root). After recently realizing this, I noticed in my Activity Monitor that some of my downloaded applications were running as root user, not as administrator, as I thought they should be, and I also found malware after running ClamXav.
Because of all this and my compromised root, I wanted to ensure there was no third-party code deeply embedded in my drive, so I backed up my important data, and actually proceeded to (very carefully) separate my Fusion Drive using 'diskutil' commands, wiping and reformatting everything but the base system. Then, I booted into safe mode to check the "diskutil cs list" and "diskutil list" through the terminal, and was surprised to still find 17 partitions in total, including those in my Logical Volume Group. Command "diskutil cs list" reveals partitions /dev/disk0 as my SSD, /dev/disk1 as my HDD with .efi and recovery, and /dev/disk2 as the Apple base system, and ALSO /dev/disk3 as my HDD again (which is an unusual addition to what I have seen as typical LVG diskutil cs list outputs, though I assume it is just related to booting from recovery mode with no OS on my disk any longer).
Command "diskutil list" reveals these disks (/dev/disk0-3), along with small partitions, /dev/disk4, /dev/disk5... all the way up to /dev/disk16. All these unknown disk partitions 4-16 range from 0-4 MB in size. One of my main questions is simply what all of these extra partitions are... are they just required hidden partitions only visible through the recovery mode boot?
Even if so, is there a possibility that my actions explained in the first paragraph have compromised the integrity of ANY of the disks on my drive(s)? I do not want any installs to have access to my root, or to have embedded anything into my core system, regardless of whether they are malicious or not. I did not do a full zero secure wipe, as I figured that would be overkill and wear on my drives, but am also curious if it is even possible that the base system or other core components could have been injected with any 3rd-party code. I know I may seem overly paranoid but I want to ensure that my system does not have any security holes from the start, before I go about re-installing all my software again, some of which opens up security holes, but I am required to have it for my work.
I want to note that I have already downloaded a new OS through internet recovery mode onto my reconfigured Fusion Drive, and do not see these extra partitions when I am logged in as a user; however, they still appear in recovery mode, re-affirming my assumption that they are simply hidden partitions only seen through the recovery boot menu. I still have not loaded any of my data, however, and regardless of whether or not the extra /dev/disk partitions I noticed are simply hidden Apple boot partitions, any advice on whether I should zero-pass wipe any drives and reinstall the OS again to absolutely ensure there are no security holes after having my root user compromised would be greatly appreciated. I could even resort to a full DBAN and use a Snow Leopard install disc I still have, but do not want to put extra wear on my drive if there is no chance these core drives were compromised. Sorry for not posting a picture of my terminal output as well; I was unable to set up an SSH connection to do a screenshot from the recovery partition. And thank you ahead of time to anyone who takes the time to read this and give me any advice.