Bug 67701 - /dev/shm mounted insecurely by default
Summary: /dev/shm mounted insecurely by default
Status: RESOLVED FIXED
Alias: None
Product: [OLD] Docs-user
Classification: Unclassified
Component: Gentoo Security Guide
Hardware: All Linux
: High critical
Assignee: SpanKY
URL: http://www.gentoo.org/doc/en/gentoo-s...
Reported: 2004-10-15 11:56 UTC by Eric Pretorious
Modified: 2004-10-16 13:20 UTC
Description Eric Pretorious 2004-10-15 11:56:55 UTC
The default /etc/fstab mounts the shared memory filesystem with the 'defaults' argument leaving the system in a vulnerable state. From the Gentoo Linux/x86 Handbook (http://www.gentoo.org/doc/en/handbook/handbook-x86.xml):

Code Listing 5: A full /etc/fstab example
/dev/hda1   /boot     ext2    noauto,noatime    1 2
/dev/hda2   none      swap    sw                0 0
/dev/hda3   /         ext3    noatime           0 1

none        /proc     proc    defaults          0 0
none        /dev/shm  tmpfs   defaults          0 0

Reproducible: Always
Steps to Reproduce:
1. Allow a user to upload a root-kit to the system.
2. The user mv's the rk to /dev/shm, un-tar's the rk.
3. The user un-tar's the root-kit.
4. The user executes the root-kit.
Actual Results:  
The user (effectively) 'owns' the box. 

Expected Results:  
 

The weaknesses of the shared memory filesystem seem to be well-enough known by 
the Security Community that this should be addressed in ALL Gentoo 
documentation but ESPECIALLY in the Security Guide. e.g., the Gentoo Linux/x86 
Handbook (http://www.gentoo.org/doc/en/handbook/handbook-x86.xml)
Comment 1 SpanKY gentoo-dev 2004-10-15 12:01:15 UTC
i'm thinking of changing the default fstab in baselayout to use nodev/noexec/etc...
Comment 2 SpanKY gentoo-dev 2004-10-16 13:20:28 UTC
fixed in cvs
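
An added example, not part of the original bug report or of Gentoo's baselayout: a shell function that audits fstab-format input for the /dev/shm entry and reports which restrictive mount options it lacks. The required set nodev,nosuid,noexec is an assumption (comment 1 names nodev and noexec; nosuid is added here), and the sample entries are constructed from the Handbook listing quoted in the description.

```shell
#!/bin/sh
# audit_shm: read fstab-format lines on stdin and report which hardening
# options the /dev/shm entry lacks.
# Exit status: 0 = all present, 1 = something missing, 2 = no /dev/shm entry.
# Assumption: the required set is nodev,nosuid,noexec (the thread names
# nodev and noexec; nosuid is added for this example).
audit_shm() {
    awk '
    BEGIN { nreq = split("nodev nosuid noexec", req, " ") }
    $1 ~ /^#/ || NF < 4 { next }        # skip comments, blank or short lines
    $2 == "/dev/shm" {
        seen = 1
        n = split($4, opts, ",")
        missing = ""
        for (r = 1; r <= nreq; r++) {
            found = 0
            for (i = 1; i <= n; i++) if (opts[i] == req[r]) found = 1
            if (!found) missing = (missing == "" ? "" : missing ",") req[r]
        }
        if (missing == "") print $2 ": ok"
        else { print $2 ": missing " missing; bad = 1 }
    }
    END {
        if (!seen) { print "/dev/shm: no entry"; exit 2 }
        exit bad + 0
    }'
}

# Constructed sample: the two pseudo-filesystem lines from the Handbook listing.
weak_fstab() {
    cat <<'EOF'
none        /proc     proc    defaults          0 0
none        /dev/shm  tmpfs   defaults          0 0
EOF
}

# Constructed sample: the same entry with the restrictive options added.
hardened_fstab() {
    cat <<'EOF'
none        /proc     proc    defaults          0 0
none        /dev/shm  tmpfs   defaults,nodev,nosuid,noexec  0 0
EOF
}

weak_fstab | audit_shm || echo "-> default entry needs hardening"
hardened_fstab | audit_shm && echo "-> hardened entry passes"
```

On a real system, run `audit_shm < /etc/fstab` to check the configuration, or `audit_shm < /proc/mounts` to check the options the kernel is actually applying, since both files share the same first four fields.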