diff --git a/README.md b/README.md
index 34e25c16bc088c10c522f4b4b7810aa079cd0943..2133a7fe1554b0a666bc847b7f76dc94b1d6d581 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,16 @@ adds the following options:
 - source interface (needs root permissions)
 - perfometer
 
-**Note: Source address and source interface uses the "shell=True" option in in the "subprocess.Popen" command. This is highly insecure, so be careful.**
+**Note: Source address and source interface uses the "shell=True" option in in the "subprocess.Popen" command. This is insecure, so be careful.**
+
+To disable this options you need to comment out the line `shell = True` in [~/lib/nagios/plugins/check_traceroute](https://thl-cmk.hopto.org/gitlab/checkmk/vendor-independent/active_check_traceroute/-/blob/master/lib/nagios/plugins/check_traceroute) like this.
+
+```
+    if (source_int is not None) or (source_addr is not None):
+        cmd = ' '.join(cmd)
+        # shell = True
+
+```
 
 **Note**: the original TCP path trace option also needs root permisions.