diff --git a/bash.spec b/bash.spec
index 3dcffd7f0792da28d0f7c33e87de9d894bace37a..3a2b51181d4df899908f01769597b514788c1352 100644
--- a/bash.spec
+++ b/bash.spec
@@ -1,6 +1,8 @@
+%define enable_safecheck 1
+
 Name: bash
 Version: 5.2.15
-Release: 10
+Release: 11
 Summary: It is the Bourne Again Shell
 License: GPLv3
 URL: https://www.gnu.org/software/bash
@@ -35,7 +37,9 @@
 Patch6007: backport-renamed-several-functions-beginning-with-legal_-chan.patch
 Patch6008: backport-fix-for-cd-when-curent-directory-doesn-t-exist-fix-w.patch
 Patch6009: Fix-for-a-crash-if-one-of-the-expressions-in-an-arit.patch
+%if %{enable_safecheck}
 Patch9000: only-scripts-verified-by-execveat-are-allowed-to-run.patch
+%endif
 
 BuildRequires: gcc bison texinfo autoconf ncurses-devel
 # Required for bash tests
@@ -164,6 +168,9 @@ make check
 %exclude %{_infodir}/dir
 
 %changelog
+* Fri Nov 15 2024 wangyuhang -5.2.15-11
+- the mayexec function no longer checks cmdline each time that verifies whether a script are allowed to run
+
 * Fri Nov 15 2024 wangyuhang -5.2.15-10
 - only scripts verified by execveat are allowed to run
 
diff --git a/only-scripts-verified-by-execveat-are-allowed-to-run.patch b/only-scripts-verified-by-execveat-are-allowed-to-run.patch
index 776dc005612b70801df2c9755e92cc43dd2731b7..903b39ca2cee55c4efe5759f232c47d637345180 100644
--- a/only-scripts-verified-by-execveat-are-allowed-to-run.patch
+++ b/only-scripts-verified-by-execveat-are-allowed-to-run.patch
@@ -4,13 +4,13 @@ Date: Fri, 15 Nov 2024 15:52:35 +0800
 Subject: [PATCH] only scripts verified by execveat are allowed to run
 
 ---
- builtins/common.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++
+ builtins/common.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++
  builtins/common.h | 7 +++++++
  shell.c | 4 ++++
- 3 files changed, 58 insertions(+)
+ 3 files changed, 60 insertions(+)
 
 diff --git a/builtins/common.c b/builtins/common.c
-index 19b00c4..ba89d6e 100644
+index 19b00c4..287e6da 100644
 --- a/builtins/common.c
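Review bot: `%define enable_safecheck 1` in the first hunk hard-codes the switch, so it can only be flipped by editing the spec; the conventional form is a build-time conditional, e.g. `%bcond_without safecheck` at the top and `%if %{with safecheck}` around `Patch9000:` in the second hunk (rpmlint also prefers `%global` over `%define` for file-scope macros). The `%if` guards only the `Patch9000:` tag; whether that alone keeps the patch from being applied depends on how %prep applies patches (an `%autosetup`-style %prep is fine, an explicit per-number `%patch` invocation is not), and %prep is outside these hunks. A one-line comment next to the macro stating that the patch only acts when `exec_check.bash=1` is on the kernel command line would save the next packager a trip into the patch file.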
 +++ b/builtins/common.c
 @@ -34,6 +34,7 @@
@@ -21,7 +21,7 @@ index 19b00c4..ba89d6e 100644
  
  #if defined (PREFER_STDARG)
  # include
-@@ -1129,3 +1130,49 @@ set_expand_once (nval, uwp)
+@@ -1129,3 +1130,51 @@ set_expand_once (nval, uwp)
    return oa;
  }
  #endif
@@ -31,16 +31,19 @@ index 19b00c4..ba89d6e 100644
 +  const char *filename;
 +  int fd;
 +{
++  static int exec_check = -1;
 +  int ret = 0;
 +
-+  if (!proc_cmdline_get("exec_check.bash", "1"))
++  if (exec_check == -1)
++    exec_check = proc_cmdline_get("exec_check.bash", "1");
++
++  if (!exec_check)
 +    return 0;
 +
 +  ret = execveat(fd, "", NULL, NULL, AT_CHECK | AT_EMPTY_PATH);
 +
-+  if (ret < 0) {
++  if (ret < 0)
 +    builtin_error (_("[%d] denied sourcing non-executable %s"), getpid(), filename);
-+  }
 +
 +  return ret;
 +}
@@ -61,9 +64,8 @@ index 19b00c4..ba89d6e 100644
 +  }
 +
 +  if (getline(&line, &len, file) != -1) {
-+    if (strstr(line, search_string)) {
++    if (strstr(line, search_string))
 +      ret = 1;
-+    }
 +  }
 +
 +  free(line);
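Review bot: Caching the `proc_cmdline_get()` result in `static int exec_check` also caches a failed read: as far as the last hunk shows, proc_cmdline_get() reports 0 both when `exec_check.bash=1` is absent and, presumably (its open-failure path is outside the hunk), when /proc/cmdline could not be opened, so a single transient failure such as running out of file descriptors now disables the execveat check for the rest of this shell's life and for every subshell forked from it, whereas before it was retried on the next call. If that fail-open is not intended, keep -1 when the read itself failed, for example by having proc_cmdline_get() return -1 on open failure and caching only a definite answer with `if (r >= 0) exec_check = r;`. The brace removals here and in the last hunk (`if (ret < 0)`, `if (strstr(...))`) are style churn unrelated to the fix; they follow upstream bash's GNU style but leave the neighbouring `if (getline(...) != -1) {` braced, so one convention should be picked. The function whose body this hunk edits starts above the hunk, so its name and its callers are not visible here.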