So my preference here is: permissions and ownership in the base install
are fine. The default compile (and preferably install) should allow users
to include group-writable shared library paths, if not world-writable
paths. Consider our adduser implementation: each user is in their own
group anyway :-).
Not ldconfig related:
What about adding checks to /etc/security for permission critial parts
of the system (perhaps controled by periodic.conf)?